SYSTEM AND METHOD FOR AN
ADMINISTRATION SERVER

CROSS-REFERENCES TO RELATED
APPLICATIONS

U.S. patent application Ser. No. 09/135,149 filed Aug. 17,
1998, entitled "SYSTEM AND METHOD FOR
CONFIGURING AND ADMINISTERING MULTIPLE
INSTANCES OF WEB SERVERS", and Ser. No.
09/135,253 filed Aug. 17, 1998, now U.S. Pat. No.
6,272,518 entitled "SYSTEM AND METHOD FOR
PORTING A MULTITHREADED PROGRAM TO A
JOB MODEL", and filed concurrently herewith and
assigned to the same assignee. They contain related
subject matter incorporated herein by this reference.

BACKGROUND OF THE INVENTION 

1. Technical Field of the Invention 


This invention pertains to configuration and administra- 
tion of system components using World Wide Web (WWW) 
technology. In particular, this invention provides a plurality 
of instances of web server, with one of them being precon- 
figured for this administration function to allow web brows- 
ers to configure web-configurable components. 

2. Background Art 

The IBM AS/400 system traditionally uses 5250 terminal
protocol to configure and administer system components,
such as start or stop a server, change functional attributes,
authorize users, and so forth. This 5250 terminal protocol
requires a 5250 terminal or 5250 emulator that is known as
a green screen display. A graphical user interface (GUI)
presents to a user a much more user-friendly interface than
a green screen display, and there is a need in the art to
provide a graphical user interface for system configuration
and administration functions.

It is quite common today for any system to have a web
server that hosts some site or sites. Such sites provide web
content that is made available to web browsers. In general
the goals of an enterprise with such a site are typical
business goals that pertain to return on investment or
customer satisfaction. Typically, such an enterprise has system
sites that deal with business applications (such as an
electronic shopping mall), or information sites (such as the
company's product specifications, or employee benefit
plans). These sites share in common the protocols that make
web browsing possible. These include use of the HyperText
Transfer Protocol (HTTP) and HyperText Markup Language
(HTML), a Common Gateway Interface (CGI) that allows
system administrators to write dynamic web applications,
and the content itself, that is the HTML files, images, Java
applets, wave (audio) files, or other multimedia resources
known to (that is, accessible by) browsers.

Some servers have the ability to manage other servers.
However, systems today do not have multiple copies of
those servers, and there is a need in the art for an
administration server capable of managing multiple copies or
instances of servers.

Further, there is a need in the art for an administration
Internet connection server (ICS) that is a web (HTTP) server
for serving a specialized set of applications that provide for
configuration and administration of web enabled system
components. These system components can be anything on
an enterprise or site system that have an application written
for and served by an administration server for the purpose of
being configured by a web browser.



,749 B2 


However, for security purposes, this administration
Internet connection server must not share commonality with
other ICS HTTP server(s) serving the web content that is
made available by the site system to web browsers. Such an
administration server preferably allows a user to configure
certain aspects of the server, such as access and error
logging, or the ability to run secure HTTP transactions (also
referred to as HTTPs). However, this administration server
must be controlled with respect to serving its content to
browsers irrespective of such configuration by the user.

Further, there exists the need in the art to provide an
administration Internet connection server (also referred to as
an administration server) which is isolated from and
therefore does not detract in any way from other, or "normal",
HTTP server(s) at the site, and does not impose any
requirements that the system use its "normal" web server(s) for
what is considered system administration and configuration.
It is particularly important that any changes the site makes
to configuration of its "normal" HTTP server(s) (good or
bad) cannot affect the configuration of the administration
server. Furthermore, it is a requirement that any heavily
loaded "normal" web server(s) at a site will not affect
performance of the administration server, and conversely,
the act of using the administration server, that is configuring
and administering some system component, will not have
any effect on the performance of other HTTP server(s) at the
site.

It is an object of the invention to provide an improved 
administration server. 

It is a further object of the invention to provide an 
administration server which serves administration and con- 
figuration applications to a browser's graphical user inter- 
face. 

It is a further object of the invention to provide an 
administration server which serves to a browser capability 
for administering and configuring web enabled system com- 
ponents. 

It is a further object of the invention to provide an 
improved administration server which is isolated from other 
servers at the site. 

It is a further object of the invention to provide an 
improved administration server which is isolated from other 
servers at the site such that loading of either does not 
adversely impact the other. 

It is a further object of the invention to provide an 
improved administration server which enables the manage- 
ment of multiple copies or instances of servers. 

It is a further object of the invention to provide an 
administration server implemented as a browser. 

SUMMARY OF THE INVENTION 

In accordance with the invention, a system and a method 
are provided for serving HTML pages to web browsers for 
the purpose of administration and configuration. A plurality 
of instances of WWW servers is provided, with one such 
instance including a configuration file which is restricted in 
usage and not alterable by way of any HTML configuration 
or administration forms. 

Other features and advantages of this invention will 
become apparent from the following detailed description of 
the presently preferred embodiment of the invention, taken 
in conjunction with the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a high level system diagram of the administra- 
tion server of the invention. 
FIG. 2 is a high level system diagram illustrating the
administration server of the invention as one instance of
multiple server instances.

FIG. 3 is a diagrammatic representation of the configuration
and server instance forms presented by the administration
server of the invention at a graphical user interface.

FIG. 4 is a high level system diagram illustrating the main 
components of the system of the invention. 

FIG. 5 is a flow diagram of the method of the invention. 

FIG. 6 is a flow diagram of the *ADMIN site of the
preferred embodiment of the invention.

FIG. 7 is a diagram illustrating the AS/400 tasks page. 

FIG. 8 is a diagram illustrating the front page, or first page
for configuration and administration of ICS in accordance
with a preferred embodiment of the invention.

FIG. 9 is a diagram illustrating the general configuration 
and administration page for adding a new ICS server 
instance or to manage an existing one in accordance with the 
preferred embodiment of the invention. 

FIG. 10 is a diagram illustrating a server instance page in 
accordance with the preferred embodiment of the invention. 

FIG. 11 is a diagram illustrating a representation of
instance parameters in accordance with the preferred
embodiment of the invention.

FIG. 12 is a diagram illustrating a representation of 
configuration and administration in accordance with the 
preferred embodiment of the invention. 

FIG. 13 is a diagram illustrating a basic page.

FIG. 14 is a diagram illustrating a confirmation page.

FIG. 15 is a diagram illustrating secure server instance
management files and formats.

FIG. 16 is a diagram illustrating the format of the start
server command.

FIG. 17 is a diagram illustrating the format of the end
server command.

FIG. 18 is a high level system diagram illustrating server
threading.

FIG. 19 is a high level flow diagram illustrating server
threading flow.

FIG. 20 illustrates the job structure of the HTTP server of
the preferred embodiment of the invention.

BEST MODE FOR CARRYING OUT THE 
INVENTION 

In accordance with the preferred embodiment of the invention,
a hypertext transfer protocol (HTTP) web server is
provided for serving browsers. A web server that supports the
industry standard HTTP protocol is given a hardened (e.g.,
read only) configuration. A task page is provided that
provides links to any application that can be configured via
a browser. This one task page is served by this administration
HTTP server. Upon selecting a link to a configurable
application, the selected pages, which are also served by the
administration HTTP server, are used to complete the
configuration task. The user interface throughout this process is
the browser.

The pages, and forms contained therein, are accessed by
a series of links from the tasks page, and provide the
graphical user interface (GUI) for configuring and
administering those applications. Examples of such applications
include internet connection secure server, firewall, net.data,
digital certificate manager, net.commerce and net.question.
These become a link off of the tasks page and each provides
a series of web pages which are traversed to achieve the
desired configuration.

In accordance with the invention, forms are designed and
implemented so that an internet connection server can be
configured. A configuration file for an Internet connection
server is built by selecting and entering values upon these
forms. One or more copies or instances of the Internet
connection server are provided, and these forms are used to
manage these multiple instances. The administration server
of this invention enables creation, selection and modification
of other server instances by leading an authorized user at a
browser through a series of GUI forms to accomplish the
change, addition, start, stop, or other action.

For example, a plurality of instances of Internet connec- 
tion servers (ICSs) exist at a site and need to be managed. 
A form is presented by the administration server listing this 
plurality of other servers, and the user selects the instance 
(that is, the other server) he needs to administer (start, stop, 
change, add, delete). Upon selecting a server and an action, 
a page is presented or displayed at the browser by the 
administration server which will allow further configuration, 
the content of that page depending upon the action selected. 

In accordance with the preferred embodiment of the 
invention, there is provided an administration server that is 
accessed via a web browser. 

Referring to FIGS. 1 and 2, ADMIN server 310 represents
an instance of an HTTP server. In this preferred
embodiment, there are provided an instance file 318 with
one member and a configuration file with one member pair
314, 316 called ADMIN for installation separate and distinct
from another instance 311 and configuration file 317 that are
also provided for installation, but for a system administrator's
use. A global attributes file 325 is provided. Instance file
317 overrides the contents of the config file(s) 314, 316,
which overrides the contents of the attributes file 325.
Attributes file 325 is referred to as the global attributes file
because there is only one file member, used by all server
instances; whereas each instance uses a unique instance file
member 318 and a particular configuration (config) file
member 314 (except admin server 310, which uses 2 config
file members 314, 316).

In accordance with a preferred embodiment of the 
invention, an Internet connection secure server has a default 
setup that includes two HTTP server instances 310, 311. One 
instance is the ADMIN server 310 that is required for 
configuration and the other is DEFAULT server 311. Default 
server 311 can be started as-is with all of its default settings 
317, 319, 321, 323. The server administrator can customize 
the default server 311 for his own environment and add 
additional servers as desired. 

Referring to FIG. 2 in connection with FIG. 7, in accordance
with a preferred embodiment, ADMIN server 310
serves an AS/400 configuration home page 350 that links to
other browser configurable products, such as is represented
by link 352. In operation, when the user (that is, the system
administrator) points his browser (this is analogous to saying
http://as400hostname.domain:2001) to the system administration
home page, the browser is presented with a page 350
asking what is to be administered or configured, including a
hot link 352 to HTTP server configuration pages, or
alternatively a different page showing configuration screens for
the other products.

Upon selecting link 352, the user is presented initial page
360. Upon selecting configure HTTP servers 362 on initial
page 360, the system administrator is presented a general
configuration and administration form 370 (also referred to
as the server instance form or instance manager page). The
system administrator is in this manner allowed to select
either an instance 371 to work with, add a new instance, or
change the default attributes that potentially affect all HTTP
servers. Additionally, a user may choose the other hotlinks
364, 366, 368 on this initial page 360 to see some sample
home pages, some URLs for help, or to return to initial page
350.

Referring to FIG. 3, instance manager page 370 provides
various choices for working with an instance 371, including
CHANGE 376, DELETE 378, START 380, STOP 382 and
RESTART 384. Appropriate messages for these commands
are shown after the command has executed. Help text is
provided to guide a user through the steps. These selections
are then turned into appropriate control commands in the
case of START 380, STOP 382 or RESTART 384, or will
delete an instance 371 in the instance file 318 if DELETE
378 is selected.

In accordance with a preferred embodiment of the
invention, an interface for configuring the AS/400 Secure
Web Server includes web pages and CGI scripts and a
configuration file validation program. However, the web-based
configuration function of the preferred embodiment of
the invention does not use a separate validation program.
Rather, validation of user entries in the configuration pages
316 is built into the CGI programs. Which CGI program gets
invoked depends on which button (Apply, Change, . . . ) is
pushed or which link (i.e., Global Attribute Values) is
clicked, regardless of the rest of the page content. These CGI
programs produce the code set forth in Tables 4-9.

The CGI scripts read current settings from the configuration
file and build configuration pages filled in with those
settings. CGI scripts are also used to read the values
contained in the configuration pages and write those values out
to the configuration file. These scripts may be modified to
read or write from or to a configuration file 314 or an
instance file 318, as appropriate. As will be apparent to those
skilled in the art, this is common CGI usage, and need not be
further described.

In accordance with a preferred embodiment of the
invention, secure server configuration proceeds as follows:

1. The user opens the Internet Connection Server for 
AS/400** page. 

2. As each general configuration and administration form
370 (FIG. 3, a specific example of which is illustrated in
FIG. 9 as form 370) is accessed, the "in" CGI script 391
obtains the appropriate values from the configuration file
316, instance file 318, global attributes file 325 and builds,
for example, a page 400 (FIG. 10), which is filled in with
those values and displayed to the user at the browser.

3. If the user clicks on the "Apply" button 412 (FIG. 10), an
"out" CGI script 391 calls a validation routine. If valid,
the configuration directives are written to the instance file
318 and a confirmation page is returned. Otherwise, an
error page is returned.

4. If the user clicks on "Reset" button 414 (FIG. 10), the "in" 
CGI script rebuilds the current page. The web browser 
304 resets the input fields. 

Referring to FIG. 4, another view of the main components
characterizing the environment of the administration and
configuration system *ADMIN 310 of the invention
includes system 300 and web browser 304 in communication
over a network 302. In accordance with the preferred
embodiment of the invention, web browser 304, any industry
compliant web browser, is the user interface required to
use this *ADMIN server 310. (An alternative user interface
is described hereafter in connection with start TCP server
command 540 and end TCP server command 550, FIGS. 16
and 17, respectively.) Web browser 304 communicates
through network 302 using HTTP protocols to the
Administration (HTTP) Internet Connection Server (ICS) 310, also
referred to as *ADMIN server 310.

*ADMIN server 310 is started, and its functionality is
controlled, via administration instance file 318, read-only
administration configuration file 314, read-write administration
configuration file 316, and global attributes file 325. The
system administrator can change configuration file 316 in
order to maintain system compatibility; however, read-only
administration configuration file 314 contains those parameters
which are required to be served by *ADMIN server
310 to browser 304, and cannot be altered by the system
administrator. That is, read-only configuration file 314 is
hardened: while all directives can be put in read-write
configuration file 316, they will not override all of the
directives that are in read-only file 314. The contents of file
314 are shown in Table 3. Server 310 provides a Common
Gateway Interface (CGI) 308 for the purpose of executing
CGI applications 306. These applications 306 are described
later.

It is quite common today for any system to have a web 
server that hosts some site or sites. Such sites provide web 
content 312 that is made available to web browsers 304, 
such as information sites (for example, the company's 
product specifications, or employee benefit plans). These 
sites share in common the protocols that make web browsing 
possible, that is the HyperText Transfer Protocol (HTTP) 
and HyperText Markup Language (HTML), a Common 
Gateway Interface (CGI) 308 that allows system adminis- 
trators to write dynamic web applications 306, and content 
files 312 such as HTML files, images, Java applets, wave 
(audio) files, or other multimedia resources known to brows- 
ers. 

Administration (HTTP) Internet Connection Server
(*ADMIN server) 310 is a web (HTTP) server; however, it
serves a specialized set of applications 306, namely those
that deal with the configuration and administration of web
enabled system components. These system components 306
can be anything on the system that has been web enabled. By
web enabled is meant that an application 306 has been
written and served via the *ADMIN server 310 for the
purpose of being configured via a web browser 304.

*ADMIN server 310 is unique (from other servers) in that
it does not share any commonality with the system
administrator's ICS (HTTP) server(s) 311; that is, it is a separate
instance of the ICS server, with separate configuration and
instance files 316 and 318, and a specific URL (Uniform
Resource Locator). *ADMIN server 310 also has a special
"read-only" configuration file 314 that is shipped and
installed with the *ADMIN server 310 so the operation of
the *ADMIN server 310 can be controlled with regards to
serving its content, irrespective of what the system
administrator may want to configure from browser 304. In
accordance with this preferred embodiment, the system
administrator is allowed to configure certain aspects of the server
such as access and error logging, or the ability to run secure
HTTP (HTTPs) transactions.

Read-only configuration file 314 is read by the web server
before read-write configuration file 316. There are some
directives which affect web serving in such a way that the
first directive encountered that covers a particular web
activity is the directive that will be used to control that
activity. In effect, these directives cannot be overridden.
They include Protect, Map, Pass, and Exec. Thus, much of
the usage of the server that is controlled by the contents of
the read-only file 314 will not be overridden by the contents
of the read-write file 316. Instance parameters 318 would
override the contents of the read-only file 314, but are
limited in number, and are shown in FIG. 11. For example,
the contents of the read-only file 314 allows the tasks page
to be served, and this behavior cannot be overridden.

Thus, *ADMIN server 310 does not detract in any way
from the system administrator's "normal" HTTP server(s)
311, and does not impose any requirements that the system
administrator use his normal web server(s) 311 for what is
considered system administration and configuration. The
web-site (content) the system administrator wants to host is
separate and distinct from *ADMIN server 310, and any
changes the system administrator at browser 304 makes to
his "normal" HTTP server(s) 311 configurations 317 (good
or bad) cannot affect the configuration 314, 316 of *ADMIN
servers 310. Furthermore, any heavily loaded system
administrator's "normal" web server(s) 311 will not affect
performance of *ADMIN server 310, and conversely, the act of
using *ADMIN server 310, that is configuring and
administering some system component 306, will not have any
effect on the performance of the system administrator's
other HTTP server(s) 311.

In order to keep the content of *ADMIN server 310
separate and distinct from the "normal" HTTP server(s) 311,
it is necessary to provide a unique URL (Uniform Resource
Locator) so browser 304 can access the home page of
*ADMIN server 310. There are two different approaches to
achieving this unique URL. The first is to provide a unique
host address, and the URL would be: http://some_unique_address.
However, the system administrator would have to
configure this, thereby implying a multi-homed host 300,
and obtain a separate IP address which may prove to be
difficult. The second approach is to "port qualify" the URL
so that instead of using the well known port for HTTP
(which is port 80), and the well known port for HTTPs
(which is port 443), a different port 303, 305 is chosen for
each protocol, namely port 2001 for HTTP, and 2010 for
HTTPs. Since it is possible to have a conflict with other
socket applications, these ports are configurable. The URL
for *ADMIN server 310 then becomes
http://your_host_name:2001; this is what the system administrator would
enter at browser 304 to access the home page 350 (FIG. 7)
of *ADMIN server 310.

In accordance with this preferred embodiment, implementation
of *ADMIN server 310 includes the following: an
industry standard HTTP server 310 that has a CGI interface
308; the ability to have (execute) multiple copies of an
HTTP-ICS server, including *ADMIN server 310 and at
least one other server 311; control of this *ADMIN server
310 by means of a configuration file 314, 316, instance file
318 and global attributes file 325; separate and distinct
configuration and instance files 317 for the other ICS
server(s) 311; a "read-only" configuration file 314 that
guarantees operation of the *ADMIN server 310 (this file
314 is shipped by the manufacturer to the customer whose
system 301 this is); a "read-write" configuration file 316
giving the system administrator the ability to configure some
aspects of *ADMIN server 310; the ability to configure
*ADMIN server 310 to bind to ports 303, 305 different than
the well known HTTP and HTTPs ports. CGI interface 308
provides connection between the configuration pages and
the CGIs.

In operation, referring to FIG. 5, after a start command
320 is received, in step 322 *ADMIN instance file 318 is
read and appropriate parameters are passed to the main
thread of the program. In step 324, the main thread then
reads the configuration files 314, 316, builds a rules list from
them, and then connects to the HTTP (and perhaps HTTPs)
ports. In steps 326 and 328, the main thread of server 310
listens (waits) on the HTTP port, and the SSL listener thread
listens (waits) on the HTTPs port for work to arrive (that is,
requests from browser 304), and then passes these requests
to a non-busy worker thread 330 from a managed pool of
worker threads. Worker thread 330 is so named since it does
all the work, reading, parsing and comparing the request
against the rules list, and then acting on the rules that are
encountered. When processing by worker thread 330 is
complete, it returns information of some kind to browser
304, which may be the resource 312 requested, output of a
CGI application 306, or an error message.

The threads model used for executing ADMIN server 310 
is further described in copending U.S. patent applications 
Ser. No. 09/135,149, filed Aug. 17, 1998, entitled "SYSTEM 
AND METHOD FOR CONFIGURING AND ADMINIS- 
TERING MULTIPLE INSTANCES OF WEB SERVERS", 
and 09/135,253, filed Aug. 17, 1998, now U.S. Pat. 6,212,518,
entitled "SYSTEM AND METHOD FOR PORTING A
MULTITHREADED PROGRAM TO A JOB MODEL", the 
teachings of which are herein incorporated by this reference. 

In Table 1, a further elaboration on the operation of
*ADMIN server 310 is set forth in pseudo code. In Table 1,
comment lines are preceded by //.

TABLE 1 

*ADMIN Server

// pseudo code for Server 310
// error handling is not shown here but is required for
// product level implementations
START TCP SERVER COMMAND 320 RECEIVED INDICATING
  START *ADMIN SERVER 310 OR START TCP COMMAND
  RECEIVED AND AUTOSTART="YES"
READ AND PARSE *ADMIN SERVER INSTANCE FILE 318
START MAIN *ADMIN THREAD WITH ANY OVERRIDE
  PARAMETERS
// main thread processing
SETUP SIGNAL HANDLERS
// useful for such things as realizing the end tcp server
// command has been issued. This way polling is avoided
// for the end command, and the main loop can do real work
READ AND PARSE CONFIGURATION FILES 314, 316
BUILD RULES LIST
// this rules list is what governs the behavior of the
// server
FOR ALL SERVER ATTRIBUTES IN CONFIGURATION FILE
  314, 316
// server attributes include such things as number of worker
// threads, code pages for translations, access and error
// logging if turned on
// additional listener thread 328 if running HTTPs also
SETUP APPROPRIATE ERROR, LOGGING, ALARM THREADS
SETUP WORKER THREADS 330
// if all goes well, bind to specified socket and wait
// for work
// usually 2001 for *ADMIN HTTP
// usually 2010 for *ADMIN HTTPs (secure HTTP transactions)
CONNECT TO SOCKET SPECIFIED IN CONFIG OR OVERRIDE
  PARMS OR SERVICES TABLE
WAIT IN ACCEPT LOOP FOR BROWSER REQUESTS
WHEN REQUEST ARRIVES, PASS THE SOCKET DESCRIPTOR
  TO A WORKER THREAD 330
BACK TO WAIT IN ACCEPT LOOP
// a worker thread that is not busy is selected from the
// pool 330 of worker threads.
// now worker thread has the socket descriptor
READ HTTP REQUEST FROM SOCKET
APPLY RULES LIST TO HTTP REQUEST
IF A MATCH OCCURS
// there may be more than one, but first match wins
PROCESS RULE WITH THIS HTTP REQUEST
// CASE statement as long as number of rules in rules list
// rule is applied to path part of URL
SELECT RULE
  CASE: PROTECT
    DETERMINE PROTECTION SETUP SUB-DIRECTIVES
    APPLY SUB-DIRECTIVE POLICIES
    CHECK CREDENTIALS AND AUTHENTICATE USER
    IF USER IS AUTHENTICATED
      CONTINUE PROCESSING THROUGH RULES LIST
    ELSE, SEND BACK AUTHENTICATION FAILURE
  CASE: PASS
    LOCATE RESOURCE SPECIFIED IN THE PATH PART
    OF THE URL, GET READY TO SEND RESOURCE
  CASE: FAIL
    GENERATE FORBIDDEN BY RULE MESSAGE
  CASE: EXEC
    LOCATE PROGRAM TO RUN (IN THE URL)
    PREP ENVIRONMENT BY SETTING UP STDIN,
    ENVIRONMENT VARIABLES AND STDOUT
    RUN PROGRAM
    WHEN PROGRAM RETURNS, DATA IS IN STDOUT
  CASE: MAP
    FOR MATCHED ITEM IN TEMPLATE FIELD
    REPLACE MATCHED ITEM WITH
    REPLACEMENT FIELD
    CONTINUE PROCESSING THROUGH RULES LIST
// end of processing through rules list, resource requested
// should be buffered and present, therefore get ready to
// send it to the browser
// must be HTTP like before returning data to browser
// that includes things such as choosing correct MIME types,
// counting output bytes, time of day, server response
// headers
APPLY THE CORRECT HTTP RESPONSE HEADERS
RETURN OUTPUT TO BROWSER
CLOSE THIS CONNECTION
// note, socket options allow the application to close the
// connection without worrying about how much data was sent
// (since this is TCP)
RETURN THIS THREAD 330 TO WORKER THREAD POOL
WAIT FOR MORE WORK
// end of pseudo code for Server 310



The services table referred to at line 33 is used by many
of the components of the IBM AS/400 TCP/IP, and is not
shown in the figures. At lines 66-67 reference is made to
variables STDIN and STDOUT. These are pathways used by
the server to receive or send information from/to the CGI
programs, with STDIN to the CGI and STDOUT from the
CGI.
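The first-match behaviour described above for read-only configuration file 314 and the rule-processing loop of Table 1, as an added Python sketch that is not code from the patent. The directive argument layout, the '#' comment marker, the trailing-'*' templates, the sample paths and setup names, and the reduction of authentication to a set of satisfied protection setup names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PATH_RULES = {"protect", "map", "pass", "exec", "fail"}

# Constructed sample directives, not the patent's Table 3. The '#' comment
# marker, trailing-'*' templates and all paths/setup names are assumptions.
READ_ONLY_314 = """\
# shipped with the server; not editable from the forms
Map     /             /admin/tasks.html
Protect /admin/*      AdminSetup
Exec    /admin/cgi/*  /shipped/cgi/*
Pass    /admin/*      /shipped/html/*
"""
READ_WRITE_316 = """\
# written by the configuration forms
Protect /admin/*      NoAuthSetup
Exec    /admin/cgi/*  /userlib/cgi/*
Fail    /admin/tasks.html
Pass    /logs/*       /adminlogs/*
"""


@dataclass(frozen=True)
class Rule:
    directive: str
    template: str
    arg: str
    source: str  # label of the file the rule came from


@dataclass(frozen=True)
class Decision:
    action: str  # pass | exec | fail | auth_required | no_match
    target: str
    protection: Optional[str]
    source: Optional[str]


def parse_config(text, source):
    """Turn directive lines into rules, skipping comments and server attributes."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() not in PATH_RULES:
            continue
        arg = fields[2] if len(fields) > 2 else ""
        rules.append(Rule(fields[0].lower(), fields[1], arg, source))
    return rules


def build_rules(*files):
    """Concatenate rules in the order the files are read; order is the policy."""
    return [r for text, source in files for r in parse_config(text, source)]


def match(template, path):
    """Return the text covered by a trailing '*', '' for an exact hit, else None."""
    if template.endswith("*"):
        prefix = template[:-1]
        return path[len(prefix):] if path.startswith(prefix) else None
    return "" if path == template else None


def resolve(rules, path, authenticated_for=frozenset()):
    """Walk the rules list once; the first rule covering an activity decides it."""
    protection = None
    for rule in rules:
        tail = match(rule.template, path)
        if tail is None:
            continue
        if rule.directive == "protect":
            if protection is not None:
                continue  # an earlier Protect already governs this request
            protection = rule.arg
            if protection not in authenticated_for:
                return Decision("auth_required", path, protection, rule.source)
        elif rule.directive == "map":
            path = rule.arg.replace("*", tail, 1)  # rewrite, keep processing
        else:  # pass, exec and fail end processing
            target = rule.arg.replace("*", tail, 1) if rule.arg else path
            return Decision(rule.directive, target, protection, rule.source)
    return Decision("no_match", path, protection, None)


if __name__ == "__main__":
    shipped_first = build_rules((READ_ONLY_314, "read-only 314"),
                                (READ_WRITE_316, "read-write 316"))
    for url_path, creds in [("/", {"AdminSetup"}),
                            ("/admin/cgi/config", {"NoAuthSetup"}),
                            ("/logs/access", set())]:
        print(url_path, resolve(shipped_first, url_path, frozenset(creds)))
```

Building the list with the read-write file first lets its Protect and Exec lines win for /admin/cgi/*, which is why the hardening depends on the read order as much as on the file being read-only.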

Referring to Table 2, a sample instance file 318 is set
forth. This sample instance file 318 indicates what configuration
files 314, 316 are read and processed in step 324 by
*ADMIN server 310. There can be other things in this
instance file, and such things would be placed here when the
"Instance Parameter" form 420 (FIG. 8) has been correctly
filled out. The two files indicated here at lines 2 and 3 would
be read and parsed by the *ADMIN server 310 in step 322.
The other flag shown at line 3, -AutoStartN, indicates that
this sample server 310 will not Autostart when its TCP/IP
stack is invoked. (However, admin server 310 can be
autostarted by changing its instance parameter values.) The
-r flags show which configuration file members are being read by
the web server for a particular instance (the read-only before
the read-write); line 4 shows that the instance is not
autostarted.



TABLE 2 

Instance File 318 

// Sample of instance file that drives the admin server 310
-r/QSYS.LIB/QTCP.LIB/QATMHTTPI.FILE/DEFAULT.MBR
-r/QSYS.LIB/QUSRSYS.LIB/QATMHTTPA.FILE/ADMIN.MBR
-AutoStartN



Referring to Table 3, a sample configuration file is presented
for controlling the operation of *ADMIN server 310.
In this table, a indicates a comment line, and these are 
not processed by the server. Other lines set forth the direc- 
tives that get processed into "rules". These rules are then 
applied on a per request basis to the path portion of the URL. 

Following is a description of the functions provided by 
configuration file 314, including the manner in which to 
interpret the Enable, Protect, Map, Pass, Exec and AddType 
commands. 

DirAccess (Table 3, Line 13)

This directive specifies whether the server is to return 
directory listings when requested. The values on the Wel- 
come and Always Welcome directives determine when a 
request is interpreted as a request for a directory listing. 

The default value is Off, which means that the server 
cannot return directory listings for any directories and 
subdirectories. If it is desired to control which directories 
and subdirectories the server can return directory listings for, 
use: 

DirAccess Selective 

If the value is changed to On, the server will return 
directory listings. 

If the value is changed to Selective, the server will return 
directory listings for any directory that contains a file named 
wwwbrws object. The contents of the wwwbrws file are not
important; the server only checks for its existence. The
object is a member name of an AS/400 physical file or a type 
of object in an integrated file system directory. For case- 
sensitive file systems such as /QOpenSys, the wwwbrws 
name is lower-case. 
Examples:

DirAccess On

DirAccess Selective

Enable Line 15

This directive is used to specify which HTTP methods the 
server is to accept. As many of the HTTP methods may be 
enabled as needed. For each method the server is to accept, 
a separate Enable directive is entered followed by the name 
of the method. 
Example:

Enable POST

Protection Table 3 Lines 21-31

This directive is used to define a protection setup within 
the configuration file. The protection setup is given a name 
and the type of protection is defined using protection sub- 
directives. 
Note: 

In the configuration file, Protection directives must be
placed before any DefProt or Protect directives that point to 
them. 




The format of the directive is: 



Protection label-name {
   subdirective value
   subdirective value
}

where: 



Label-name 

The name to be associated with this protection setup. The 
name can then be used by subsequent DefProt and Protect 
directives to point to this protection setup. 

Subdirective Value 

A protection subdirective and its value is placed on each 
line between the left brace and the right brace. No comment 
lines may appear between the braces. 

See "Protection Subdirectives" for descriptions of the 
protection subdirectives. 
Example: 



Protection NAME-ME {
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/WWW/PASSWORD
   GroupFile /WWW/group.grp
   GetMask groupname
}



Protection Subdirectives 

Following are descriptions of each of the protection 
subdirectives that can be used in a protection setup. The 
subdirectives are in alphabetical order. 

Protection setups are within the configuration file as part 
of DefProt, Protect, or Protection directives. 

A Mask, GetMask, or PostMask subdirective must be 
specified in the protection setup. 

See "Protection example" and the previous descriptions of 
the DefProt, Protect, and Protection directives for examples 
of using protection setups. 

ACLOverride 

Specifies that ACL Files Override Protection Setups.

This subdirective is used with a value of On if Access
Control List (ACL) files are to override the masks specified in
the protection setup. If a directory being protected by the 
protection setup has an ACL file, the mask subdirectives in 
the protection setup are ignored. (The mask subdirectives are 
GetMask, Mask, and PostMask.) 

See "Using Access Control List (ACL) files" for more 
information on ACL files. 
Example: 

ACLOverride On 

AuthType 
Specifies Authentication Type. 

This subdirective is used to limit access based on user 
names and passwords. The type of authentication to use 
when the client sends a password to the server is specified. 
With basic authentication (AuthType Basic), passwords are 
sent to the server as plain text. They are encoded, but not 
encrypted. Only basic authentication is supported. 
Example: 

AuthType Basic 

GetMask

Specifies the User Names, Groups, and Addresses Allowed to
Get Files.

This subdirective is used to specify user names, groups,
and address templates authorized to make GET requests to
a protected directory. The special value all@(*) will allow
all requesters access. See "Rules for specifying user names,
group names, and address templates".
Example:

GetMask authors, (niceguy,goodie)@96.96.3.1, 128.141.*.*

GroupFile

Specifies the Location of the Associated Group File. 

This subdirective is used to specify the path and file name 
of the server group file that this protection setup is to use. 
The groups defined within the server group file can then be 
used by: 

1. Any mask subdirectives that are part of the protection 
setup. (The mask subdirectives are GetMask, Mask, and 
PostMask.) 

2. Any ACL file on a directory that is protected by the
protection setup.
See "Using server group files" for more information about
server group files.
Example:

GroupFile /docs/etc/WWW/restrict.grp

Mask

Specifies the User Names, Groups, and Addresses Allowed 
to Make HTTP Requests. 

This subdirective is used to specify user names, groups, 
and address templates authorized to make HTTP requests
not covered by other mask subdirectives. The special value
all@(*) will allow all requesters access. See "Rules for
specifying user names, group names, and address templates".
See "Methods — Set method acceptance" for
descriptions of the HTTP methods supported by the server.
Note: 

Masks are case sensitive. The following is an example of 
how Mask protection is issued on a user ID: 
Example: 

MASK WEBADM,webadm 

PasswdFile 

Specifies the Location of the Associated Validation List. 

This subdirective is used when limiting access based on 
user names and passwords. The PasswdFile directive may be 
issued by one of the following methods: 
1. Specify the path name of the validation list that this
protection setup is to use:

libname/validation_list_name

2. Specify %%SYSTEM%% to indicate that the AS/400
user profiles are to be used to validate user names and
passwords.
Examples:

PasswdFile %%SYSTEM%%
PasswdFile QUSRSYS/HEROES

In the above example, note that %%SYSTEM%% lets the
server know that password verification is done with an
AS/400 user profile.

PostMask

Specifies the User Names, Groups, and Addresses Allowed 
to Post Files. 

For a secure server, this subdirective is used to specify
users, groups, and address templates authorized to make
POST requests to a protected directory. The special value
all@(*) will allow all requesters access. See "Rules for
specifying user names, group names, and address templates".
Example:

PostMask Anyone@9.136.*

ServerID

Specifies a Name to Associate with the Validation List.

This subdirective is used when limiting access based on
user names and passwords. A name to associate with the
validation list being used is specified. The name does not
need to be a real machine name.

The name is used as an identifier to the requester. Since
different protection setups can use different validation lists,
having a name associated with the protection setup can help
the client decide which password to send. This name may be
displayed when prompting for a user name and password.
Example:

ServerID restricted

UserID

Specifies the Access Control User ID that the Server should 
Use. 

This subdirective is used to specify the AS/400 user 
profile that the server switches to while completing the 
HTTP transaction. 

%%SYSTEM%% is specified to use the profile of the 
server, default QTMHHTTP. 

%%CLIENT%% is specified to use the user profile that 
was supplied when challenged for user ID and password. 

The values specified here (on the Userid Protection
subdirective) override the values specified on the Userid
directive.
Example:

UserID WWW

Protect Table 3 Line 37

This directive is used to activate protection setup rules for 
requests that match a template. 

For protection to work properly, DefProt and Protect 
directives must be placed before any Pass or Exec directives
in the configuration file. 

The format of the directive is different depending upon 
whether it is to point to a label containing the protection 
subdirectives or to include the protection subdirectives as 
part of the Protect directive. 

1. To point to a label containing the protection subdirectives, 
the format is as follows: 

Protect request-template [label [FOR IP-address-template]]

2. To include the protection subdirectives as part of the
Protect directive, the format is as follows:

Protect request-template [IP-address-template] {
   subdirective value
   subdirective value
}



where: 

Request-template

A template for requests for which protection is to be
activated. The server compares incoming client requests to
the template and activates protection if there is a match.

Label

This parameter is used to identify the protection setup
containing the protection subdirectives to activate for
requests that match request-template.

This parameter is optional. If it is omitted, the protection
setup is defined by the most recent DefProt directive that
contains a matching template.

Protection setup is defined with protection subdirectives.
See "Protection Subdirectives" for descriptions of the
protection subdirectives.



A protection setup label name that matches a name 
defined earlier on a Protection directive. The Protection 
directive contains the protection subdirectives. 
Subdirective Value 

A parameter used to include the protection subdirectives 
as part of the Protect directive. The left brace character must 
be the last character on the same line as the Protect directive. 
Each subdirective follows on its own line. The right brace 
character must be on its own line following the last subdi- 
rective line. 

No comment lines may be placed between the braces. 
See "Protection Subdirectives" for descriptions of the 
protection subdirectives. 
For IP-address-template 

If the server has multiple connections, this parameter can 
be used to specify an address template. The server uses the 
directive only for requests that come to the server on a 
connection with an address matching the template. It is the 
address of the server's connection that is compared to the 
template, not the address of the requesting client. 
A complete IP address may be specified (for example,
204.146.167.72). Or, an asterisk can be used as a wildcard
character to specify a template (for example, 9.99.*).

This parameter is optional. Without this parameter, the
server uses the directive for all requests regardless of the
connection the requests come in on.

To use this parameter, the label or subdirective value 
parameters must also be used. 
Examples:

UserID ANYBODY
Protection DEF-PROT {
   UserID BUSYBODY
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/WWW/restrict
   GroupFile /docs/WWW/restrict.grp
   GetMask authors
}
Protect /secret/business/* DEF-PROT
Protect /topsecret/* {
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/TOPBRASS
   GroupFile /docs/WWW/restrict.grp
   GetMask topbrass
}
Pass /secret/scoop/* /WWW/restricted/*
Pass /secret/business/* /WWW/confidential/*
Pass /topsecret/* /WWW/topsecret/*


In the above example, the server would activate protection
as follows:

1. Since the Protect directive does not specify a protection
setup, the protection setup on the previously matching
DefProt directive is used. Also, the server changes to the
user profile of webname as defined on the DefProt directive.

2. Requests beginning with /secret/business/ activate protection.
The protection setup is defined on the Protection
directive that has a label of DEF-PROT. Also, the server
changes to the user profile of busybody as defined in the
DEF-PROT protection setup.

3. Requests beginning with /topsecret/ activate protection.
The protection setup is included directly on the Protect
directive. The user profile defaults to ANYBODY.
(ANYBODY comes from the UserID directive at the
beginning of the example.)

Note: The user profile ANYBODY must exist and the
server must have authority to use it.

Examples:



Protect /secret/* CustomerA-PROT webname 204.146.167.72
Protect /secret/* CustomerB-PROT webname 9.67.*
Protect /topsecret/* webname 204.146.167.72 {
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/WWW/CUSTOMERA
   GroupFile /docs/WWW/customer-A.grp
   GetMask A-brass
}
Protect /topsecret/* webname 9.67.* {
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/WWW/CUSTOMERB
   GroupFile /docs/WWW/customer-B.grp
   GetMask B-brass
}



The above examples use the optional IP address template 
parameter. If the server receives requests that begin with 
/secret/ or /topsecret/, it activates a different protection setup 
for the request based on the IP address of the connection the 
request comes in on. 

For /secret/ requests coming in on 204.146.167.72, the 
server activates the protection setup defined on a Protection 
directive with a label of CustomerA-PROT. For /topsecret/ 
requests coming in on 204.146.167.72, the server activates 
the protection setup defined inline on the first Protect 
directive for /topsecret/. 

For /secret/ requests coming in on any connection with an 
address beginning 9.67, the server activates the protection
setup defined on a Protection directive with a label of 
CustomerB-PROT. For /topsecret/ requests coming in on 
any connection with an address beginning 9.67, the server 
activates the protection setup defined inline on the second 
Protect directive for /topsecret/. 
Map Table 3 Line 49 

This directive is used to specify a template for requests
that the server is to change to a new request string. After
the server changes the request, it takes the new request
string and compares it to the request templates on
subsequent directives.

The format of the directive is:

Map request-template new-request [IP-address-template]

where:
Request-template

A template for requests that the server is to change and
then continue comparing the new request string to other
templates.

An asterisk may be used as a wildcard in the template.
New-request

The new request string the server is to continue to
compare to the request templates on subsequent directives.
New-request may contain a wildcard if the request-template
has one. The part of the request that matches the
request-template wildcard is inserted in place of the wildcard in
new-request.

IP-address-template

If the server has multiple connections, this parameter can
be used to specify an address template. The server uses the
directive only for requests that come to the server on a
connection with an address matching the template. It is the
address of the server's connection that is compared to the
template, not the address of the requesting client.

A complete IP address may be specified (for example,
204.146.167.72). Or, an asterisk may be used as a wildcard
character and a template specified (for example, 9.99.*).

This parameter is optional. Without this parameter, the
server uses the directive for all requests regardless of the
connection the requests come in on.
Examples: 

Example for a Map request with /cgi-bin/ as a PGM 
object: 



Map /cgi-bin/* /cgi-bin/*.pgm
Exec /cgi-bin/*.pgm /qsys.lib/cgilib.lib/*

In the above example, the server would take any requests
starting with /cgi-bin/ and change the /cgi-bin/ portion of the
request to /cgi-bin/*.pgm. Anything that followed /cgi-bin/
on the original request would also be included in the new
request string. So /cgi-bin/whatsup/ would change to
/cgi-bin/whatsup.pgm.

The Exec directive would change the /cgi-bin/whatsup.pgm
to /qsys.lib/cgilib.lib/*. This change allows
the Internet Connection Secure Server to execute the program
cgipgm in library cgilib. The server would take the
new request string and continue to compare it to request
templates on subsequent directives.



Map /stuff/* /customerA/good/stuff/* 204.146.167.72
Map /stuff/* /customerB/good/stuff/* 9.99.*

The above examples use the optional IP address template
parameter. If the server receives requests that begin with
/stuff/, it changes the request to a different request string
based on the IP address of the connection the request comes
in on. For requests coming in on 204.146.167.72 the server
changes the /stuff/ portion of the request to
/customerA/good/stuff/. For requests coming in on any connection with
an address beginning 9.99, the server changes the /stuff/
portion of the request to /customerB/good/stuff/.

Pass Table 3 Line 76

This directive is used to specify a template for requests to
be accepted and responded to with a document from the
server. Once a request matches a template on a Pass
directive, the request is not compared to request templates
on any subsequent directives.

The format of the directive is:

Pass request-template [file-path [IP-address-template]]

where:
Request-template

A template for requests the server is to accept and respond
to with a document from the server.
An asterisk can be used as a wildcard in the template.
File-path

The path to the file that contains the document the server
is to return. File-path may contain a wildcard if the
request-template has one. The part of the request that matches the
request-template wildcard is inserted in place of the wildcard
in file-path.

This parameter is optional. If a path is not specified, the
request itself is used as the path.

IP-address-template

If the server has multiple connections, this parameter can
be used to specify an address template. The server uses the
directive only for requests that come to the server on a
connection with an address matching the template. It is the
address of the server's connection that is compared to the
template, not the address of the requesting client.
A complete IP address may be specified (for example,
204.146.167.72). Or, an asterisk can be used as a wildcard
character and a template specified (for example, 9.99.*).
This parameter is optional. To use this parameter, the
file-path parameter must also be used. Without the
IP-address-template parameter, the server uses the directive
for all requests regardless of the connection the requests
come in on.
Examples:

QDLS:      Pass  /doc/*   /QDLS/WEBTEST/*.HTM
Root:      Pass  /root/*  /WEBSAMP/*.html
QOpenSys:  Pass           /QOpenSys/WEBSAMP/*.html
QSYS:      Pass  /lib/*   /QSYS.LIB/WEBSAMP.LIB/HTMLDOC.FILE/*.MBR

Specifying Pass with /* as a template and no replacement
string allows the server to serve any AS/400 file that the
QTMHHTTP user profile has read access to, with a request
that specifies the AS/400 real document name; for example,
/QSYS.LIB/PERSONAL.LIB/DATA.FILE/PAY.MBR. A
Pass directive with /* as a template can be used to refer to
a replacement string that would serve an AS/400 document;
for example, Pass /* /www/webdata/web.html. This would
be used after all other Map, Pass, Exec, and Redirect
directives to prevent anyone from getting an Error 403
"Forbidden by rule".

In the above example for the QDLS file system, the server
would respond to a request starting /doc/ with a document
from /QDLS/WEBTEST/. Anything that followed /doc/
would also be used to identify the document. So the server
would respond to the request /doc/test/test1/doctest.html
with the document in file /QDLS/WEBTEST/test/test1/doctest.html.

Pass /gooddoc/*

In the above example, the server would respond to a
request starting with /gooddoc/ with a document from
/gooddoc. So the server would respond to the request
/gooddoc/volume1/issue2/newsletter4.html with the document
in file /gooddoc/volume1/issue2/newsletter4.html.

Pass /parts/* /customerA/catalog/* 204.146.167.72
Pass /parts/* /customerB/catalog/* 9.99.*

The above examples use the optional IP address template
parameter. If the server receives requests that begin with
/parts/ it returns a file from a different directory based on the
IP address of the connection on which the request is
received. For requests coming in on 204.146.167.72 the
server returns a file from /customerA/catalog/. For requests
coming in on any connection with an address beginning
9.99, the server returns a file from /customerB/catalog/.

Exec Table 3 Line 126

This directive is used to specify a template for requests to
be accepted and responded to by running a CGI program. Once
a request matches a template on an Exec directive, the
request is not compared to request templates on any
subsequent directives.

The format of the directive is:

Exec request-template program-path [IP-address-template]

where:
Request-template

A template for requests that the server is to accept and
respond to by running a CGI program.

An asterisk must be used as a wildcard in the program-path.
The part of the request that matches the request-template
wildcard must begin with the name of the file that
contains the CGI program. The request-template is case
sensitive, but the replacement string is only case sensitive
when it refers to a case sensitive file system.
Example:

Map /cgi-bin/* /cgi-bin/*.pgm
Exec /cgi-bin/* /qsys.lib/cgilib.lib/*

This example substitutes the value after /cgi-bin/ as the
name of the program. The Exec directive identifies the
library where the CGI program specified in /cgi-bin/ is
stored. The Exec directive changes the directive to the cgilib
library.

Program-path

The path to the file that contains the CGI program that the
server is to execute for the request.
Programs can be run from the QSYS file system.
Program-path must also contain a wildcard. The wildcard
is replaced with the name of the file that contains the
program. The request can also contain additional data
that is passed to the CGI program in the PATH_INFO
environment variable. The additional data follows the first
slash character that comes after the CGI program file name
on the request. The data is passed according to CGI
specifications.

IP-address-template

If the server has multiple connections, this parameter is
used to specify an address template. The server uses the
directive only for requests that come to the server on a
connection with an address matching the template. It is the
address of the server's connection that is compared to the
template, not the address of the requesting client.

A complete IP address may be specified (for example,
204.146.167.72). Or, an asterisk may be used as a wildcard
character and a template specified (for example, 9.99.*).
This parameter is optional. Without this parameter, the
server uses the directive for all requests regardless of the
connection the requests come in on.

Example:

Map /cgi-bin/* /cgi-bin/*.pgm
Exec /cgi-bin/* /QSYS.LIB/CGIBIN.LIB/*

In the above example, the server expects to find the CGI
program in library CGIBIN.
http://hostname/cgi-bin/mycgi causes the server to attempt
to run the program named MYCGI, in library CGIBIN. The
Map directive adds the .pgm to the program name so .pgm
does not have to be specified on the URL request. The
request arrives at the server as:

/cgi-bin/mycgi            The request arrives.
/cgi-bin/mycgi.pgm        The Map directive adds the .pgm.
/QSYS.LIB/CGIBIN.LIB/*    The request changes to identify the path to the program (AS/400 library).

AddType Table 3 Line 132

This directive is used to bind files with a particular
extension to a MIME type/subtype. Multiple occurrences of
this directive may be used in the configuration file. The
format of the directive is:

AddType extension type/subtype encoding [quality]

where:
.extension
The file extension pattern. The wildcard character (*) may
be used only on the following two special extension patterns:

*.*

Matches all file names that contain a dot character (.) and
have not been matched by other rules

*

Matches all file names that do not contain a dot character
(.) and have not been matched by other rules
Type/Subtype

The MIME type and subtype to bind to files that match the
corresponding extension pattern.
Encoding

The MIME content encoding to which the data has been
converted:

7bit

Data is all represented as short (less than 1000 characters)
lines of US-ASCII data. Source code or plain text files
usually fall into this category. Exceptions would be files
containing line-drawing characters or accented characters.

8bit

Data is represented as short lines, but may contain characters
with the high bit set (for example, line-drawing
characters or accented characters). PostScript files and text
files from European sites usually fall into this category.

binary

This encoding can be used for all data types. Data may
contain not only non-ASCII characters, but also long
(greater than 1000 characters) lines. Almost every file of
type image/*, audio/*, and video/* falls into this category, as
do binary data files of type application/*.

quality

An optional indicator of relative value (on a scale of 0.0
to 1.0) for the content type. The quality value is used if
multiple representations of a file are matched by a request.
The server selects the file that is associated with the highest
quality value. For example, if the file internet.ps is
requested, and the server has the following AddType directives:

AddType .ps application/postscript 8bit   1.0
AddType *.* application/binary     binary 0.3

the server would use the application/postscript line because
its quality number is higher.

Example:

AddType .bin application/octet-stream binary 0.8

TABLE 3

Configuration File 314

# start sample of configuration file that drives *ADMIN
# server 310
HostName your.full.host.name
# The default ports for the administration server are set
# in the services table.
# HTTP Administration server configuration
DirAccess Off
TABLE 3-continued

Configuration File 314

18 # ENABLE start
19 Enable POST
20 Enable GET
21 Enable HEAD
22 # ENABLE end
23 #
24 # PROTECTION start - Force authentication and treat as
25 # AS/400 -USRPRF
26 Protection IBMDFTP {
27 AuthType Basic
28 ServerID OS400ADM
29 Userid %%CLIENT%%
30 PasswdFile %%SYSTEM%%
31 GetMask All
32 PostMask All
33 }
34 # PROTECTION end
35 #
36 # PROTECT start
37 Protect /QIBM/Firewall/* IBMDFTP
38 Protect /QIBM/NetC/* IBMDFTP
39 Protect / IBMDFTP
40 Protect /AS400TASKS IBMDFTP
41 Protect /QIBM/OS400/* IBMDFTP
42 Protect /QIBM/ICS/HTML/* IBMDFTP
43 Protect /QSYS.LIB/QSYSCGI.LIB/* IBMDFTP
44 Protect /QSYS.LIB/QTCPCGI.LIB/* IBMDFTP
45 Protect /QIBM/ICSS/Cert/* IBMDFTP
46 # PROTECT end
47 #
48 # MAP start
49 Map /QIBM/Firewall/Admin/*
50 /QSYS.LIB/QSYSCGI.LIB/DB2WWW.PGM/QIBM
51 /ProdData/HTTP/Protect/Firewall/Macro/*
52 Map /QIBM/NetC/Admin /QSYS.LIB/QSYSCGI.LIB
53 /WEBCONFIG.PGM/loadmlt
54 Map /QIBM/NetC/Admin/webconfig/*
55 /QSYS.LIB/QSYSCGI.LIB/WEBCONFIG.PGM/*
56 Map /QIBM/NetworkStation/Admin /QYTC/QYTCMAIN.PGM
57 Map /QIBM/ICSS/Cert/Admin/*
58 /QSYS.LIB/QSYSCGI.LIB/DB2WWW.PGM
59 /QIBM/ProdData/HTTP/Protect/ICSS/Cert/Macro/*
60 Map /
61 /QSYS.LIB/QSYSCGI.LIB/DB2WWW.PGM
62 /QIBM/ProdData/HTTP/Protect
63 /OS400/Macro/qyunmain.ndm/main0
64 Map /AS400TASKS /QSYS.LIB/QSYSCGI.LIB/
65 DB2WWW.PGM/QIBM/ProdData/HTTP/Protect/OS400/Macro
66 /qyunmain.ndm/main0
67 Map /QIBM/ICS/HTML/MRI2924/izaglmsLhtEnl
68 /QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/QUICKBGN
69 Map /QIBM/ICS/HTML/MRI2924/sample.html
70 /QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/SAMPLE
71 Map /QIBM/ICS/HTML/MRI2924/icswginst.html
72 /QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/WEBM^GD
73 # MAP end
74 #
75 # PASS start
76 Pass /QIBM/OS400/*
77 /QIBM/ProdData/HTTP/Protect/OS400/HTML/*
78 Pass /QIBM/Firewall/*
79 /QIBM/ProdData/HTTP/Protect/Firewall/HTML/*
80 Pass /QIBM/NetC/*
81 /QIBM/ProdData/HTTP/Protect/NetC/*
82 Pass /QIBM/NetworkStation/*
83 /QIBM/ProdData/HTTP/Protect/NetworkStation/*
84 #
85 # Pass statements for misplaced GIF files
86 #
87 Pass /QIBM/ICS/HTML/MRI*/docmast.*
88 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
89 /HTML/ICONS/docmast.gif
90 Pass /QIBM/ICS/HTML/MRI*/ics10s03.*
91 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
92 /HTML/ICONS/ics10s03.gif
93 Pass /QIBM/ICS/HTML/MRI*/ics10s04.*
94 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
95 /HTML/ICONS/ics10s04.gif
96 Pass /QIBM/ICS/HTML/MRI*/ics10s05.*
97 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
98 /HTML/ICONS/ics10s05.gif
99 Pass /QIBM/ICS/HTML/MRI*/ics10s06.*
100 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
101 /HTML/ICONS/ics10s06.gif
102 Pass /QIBM/ICS/HTML/MRI*/ics10s07.*
103 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
104 /HTML/ICONS/ics10s07.gif
105 Pass /QIBM/ICS/HTML/MRI*/ics10s08.*
106 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
107 /HTML/ICONS/ics10s08.gif
108 Pass /QIBM/ICS/HTML/MRI*/ics10s14.*
109 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
110 /HTML/ICONS/ics10s14.gif
111 Pass /QIBM/ICS/HTML/MRI*/ICFICON.*
112 /QIBM/ProdData/HTTP/Protect/TC1/ICSS
113 /HTML/ICONS/icficon.gif
114 #
115 #
116 Pass /QIBM/ICS/HTML/*
117 /QIBM/ProdData/HTTP/Protect/TC1/ICSS/HTML/*
118 Pass /QIBM/ProdData/HTTP/Public/*
119 Pass /QIBM/ICSS/Cert/Download/*
120 /QIBM/UserData/ICSS/Cert/Download/*
121 Pass /QIBM/ICSS/Cert/*
122 /QIBM/ProdData/HTTP/Protect/ICSS/Cert/HTML/*
123 # PASS end #
124 # #
125 # EXEC start #
126 Exec /QSYS.LIB/QSYSCGI.LIB/*
127 Exec /QSYS.LIB/QTCPCGI.LIB/*
128 Exec /QYTC/* /QSYS.LIB/QYTC.LIB/*
129 # EXEC end #
130 # #
131 # AddType start #
132 AddType .cacrt application/x-x509-ca-cert 7bit 1.0
133 AddType .usrcrt application/x-x509-user-cert 7bit 1.0
134 AddType .CACRT application/x-x509-ca-cert 7bit 1.0
135 AddType .USRCRT application/x-x509-user-cert 7bit 1.0
136 # AddType end #
137 # ****** ********** #
138 # end Sample of configuration file that drives the admin
139 # server
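
The rule walk that the Protect, Map, Pass and Exec descriptions imply for a file such as Table 3, written out as an added Python example (it is not IBM's code and not part of the patent). The names parse and resolve and both sample configurations are constructed for illustration; it assumes one wildcard per template, that the first matching Protect wins and is compared against the request string as rewritten so far, and it does not model DefProt, mask evaluation or ACL files.

```python
"""Added example: a small model of the Protect / Map / Pass / Exec rule walk."""

# Constructed sample, assembled from the directive examples on this page.
GOOD = """
Protection DEF-PROT {
   AuthType Basic
   ServerID restricted
   PasswdFile QUSRSYS/WWW/restrict
   GetMask authors
}
Protect /secret/business/* DEF-PROT
Map  /cgi-bin/* /cgi-bin/*.pgm
Exec /cgi-bin/* /QSYS.LIB/CGIBIN.LIB/*
Pass /secret/business/* /WWW/confidential/*
Pass /parts/* /customerA/catalog/* 204.146.167.72
Pass /parts/* /customerB/catalog/* 9.99.*
"""

# Constructed counter-example: Pass precedes the Protect that should cover it.
MISORDERED = """
Pass /secret/business/* /WWW/confidential/*
Protection DEF-PROT {
   AuthType Basic
   GetMask authors
}
Protect /secret/business/* DEF-PROT
"""


def match(template, request):
    """Text matched by the single '*' ('' for an exact match), else None.
    Matching is case sensitive, as the page states for request templates."""
    if "*" not in template:
        return "" if request == template else None
    head, tail = template.split("*", 1)
    if (len(request) >= len(head) + len(tail)
            and request.startswith(head) and request.endswith(tail)):
        return request[len(head):len(request) - len(tail)]
    return None


def ip_ok(template, server_ip):
    """Compare the address of the server's own connection, not the client's."""
    if template is None:
        return True
    if template.endswith("*"):
        return server_ip.startswith(template[:-1])
    return server_ip == template


def parse(text):
    """Return (rules, setups). A Protect that names a label must come after
    the Protection directive defining that label, as the page requires."""
    rules, setups, block = [], {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if block is not None:                      # inside { ... }
            if tok == ["}"]:
                block = None
            else:
                block[tok[0]] = " ".join(tok[1:])
            continue
        kind, args = tok[0], tok[1:]
        opens = bool(args) and args[-1] == "{"
        if opens:
            args = args[:-1]
        if kind == "Protection":
            block = setups[args[0]] = {}
            continue
        template, rest = args[0], [a for a in args[1:] if a != "FOR"]
        ip = next((a for a in rest if a[0].isdigit()), None)
        arg = next((a for a in rest if not a[0].isdigit()), None)
        inline = None
        if kind == "Protect":
            if opens:
                inline = block = {}                # filled by following lines
            elif arg not in setups:
                raise ValueError(f"Protect {template}: no earlier Protection "
                                 f"labelled {arg!r} (DefProt is not modelled)")
        rules.append((kind, template, arg, ip, inline))
    return rules, setups


def resolve(config, request, server_ip):
    """Walk the rules in file order for one request path."""
    rules, setups = config
    protection = None
    for kind, template, arg, ip, inline in rules:
        if not ip_ok(ip, server_ip):
            continue
        wild = match(template, request)
        if wild is None:
            continue
        if kind == "Protect":                      # activates, then continues
            if protection is None:
                protection = inline if inline is not None else setups[arg]
        elif kind == "Map":                        # rewrites, then continues
            request = arg.replace("*", wild, 1)
        else:                                      # Pass / Exec end the walk
            target = arg.replace("*", wild, 1) if arg else request
            return {"action": kind, "target": target, "protection": protection}
    return {"action": "Forbidden by rule", "target": None,
            "protection": protection}


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        print(name, resolve(parse(text), "/secret/business/plan.html",
                            "204.146.167.72"))
```

With MISORDERED, the request for /secret/business/plan.html is answered by the Pass rule with no protection setup attached, which is the failure the ordering rule for Protect and Pass/Exec is there to prevent.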

Referring to FIG. 6, the hierarchy of web pages for 
* ADMIN server 310 is set forth. Tasks page 334 is the home 
page for * ADMIN server 310, and provides links to first 45 
page 336 of ICS configuration and administration, first page 
338 of DCM configuration and administration, and first page 
340 of firewall configuration and administration. Each of 
pages 336, 338 and 340 provide links to additional pages 
342, 344 and 346, respectively. 50 

Referring to FIG. 7, a specific example 350 of task page
334 is shown. Task page 334 includes buttons for accessing
additional pages, including button 352 which when activated
will bring up an Internet connection server for configuring
an HTTP server and SSL; button 354 which when activated
will bring up a page for setting up and monitoring an Internet
firewall; button 356 which when activated will bring up a
page for configuring a net commerce server; and button 358
which when activated will bring up a page for creating,
distributing and managing digital certificates.

The purpose of tasks page 350 is to provide a single URL
or collection point for all those applications or system
components that use the web browser for configuration and
administration. As shown here, four applications 352, 354,
356 and 358 appear on tasks page 350.

Referring to Table 4, an HTML representation of a 
specific example of an AS/400 TASKS page 350 is set forth. 



TABLE 4

Tasks Page 350 (HTML)

<HTML>
<HEAD>
<TITLE>AS/400 Tasks </TITLE>
<P>
<SCRIPT LANGUAGE="JavaScript">
<!--
function showHelpFunction() {
window.open("/QSYS.LIB/QSYSCGI.LIB/DB2WWW.PGM/QIBM/ProdData/HTTP/Protect/OS400/Macro/qyunmain.ndm/help0","","width=600,height=400,menubar=yes,scrollbars=yes,resizable=yes,status")}
//-->
</SCRIPT>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<CENTER>
<TABLE WIDTH=80%>
<TR>
<TD>
<FONT SIZE=5>
<STRONG>
<IMG SRC="/QIBM/OS400/Icons/ibmlogo.gif" ALIGN=LEFT ALT="IBM">
</STRONG>
</FONT>
</td>
<TD rowspan=2>
<CENTER>
<FONT SIZE=6>
<STRONG>AS/400 Tasks
</STRONG>
</FONT>
</CENTER>
</TD>
<TD ALIGN=CENTER>
<IMG SRC="/QIBM/OS400/Icons/as400.gif" ALT="">
</TD>
</TR>
<TR>
<td>
<FONT Size=1>(C) IBM Corporation 1997
</FONT>
</TD>
<td>
<center>
<FONT Size=2>RS008.ENDICOTT.IBM.COM
</FONT>
</center>
</td>
</TR>
<TR>
<TD colspan=3>
<HR size=1>
</td>
</TR>
<TR>
<td colspan=3>
<P>
<BR>

<CENTER>
<TABLE>
<TR>
<TD>
<A HREF="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM">
<IMG SRC="/QIBM/ICS/HTML/ICONS/anchgrap.gif" border="0" ALT="*">
</A>
</TD>
<TD>
<A HREF="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM">
<STRONG>Internet Connection Server for AS/400
</STRONG>
</A>
<BR>
<FONT SIZE=2>Configure the AS/400 HTTP Server and SSL
</FONT>
</TD>
</TR>
<TR>
<TD>
<A HREF="/QIBM/Firewall/Admin/qisafwl.ndm/main0">
<IMG SRC="/QIBM/Firewall/Icons/qisafwl.gif" border="0" ALT="*">
</A>
</TD>
<TD>
<A HREF="/QIBM/Firewall/Admin/qisafwl.ndm/main0">
<STRONG>IBM Firewall for AS/400
</STRONG>
</A>
<BR>
<FONT SIZE=2>Set up and monitor an Internet Firewall
</FONT>
</TD>
</TR>
<TR>
<TD>
<A HREF="/QIBM/NetC/Admin">
<IMG SRC="/QIBM/NetC/Server/Icons/netcomm.gif" border="0"
ALT="*">
</A>
</TD>
<TD>
<A HREF="/QIBM/NetC/Admin">
<STRONG>IBM Net.Commerce for AS/400
</STRONG>
</A>
<BR>
<FONT SIZE=2>Configure the Net.Commerce Server
</FONT>
</TD>
</TR>
<TR>
<TD>
<A HREF="/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0">
<IMG SRC="/QIBM/ICSS/Cert/Icons/qycucm1.gif" border="0" ALT="*">
</A>
</TD>
<TD>
<A HREF="/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0">
<STRONG>Digital Certificate Manager
</STRONG>
</A>
<BR>
<FONT SIZE=2>Create, distribute, and manage Digital Certificates
</FONT>
</TD>
</TR>
</TABLE>
</CENTER>
<P><BR>
</td>
</TR>
<TR>
<td>
<A href="http://www.as400.ibm.com/anchor/MRI2924/anchhome.htm">
<font size="-1">Related task information
</font>
</a>
</td>
<td>
</td>
<td>
<center>
<a href="Javascript:showHelpFunction()">
<img src="/QIBM/OS400/Icons/help.gif" border="0" alt="">
<BR>Help
</a>
<BR>
<font size="-2">(Requires JavaScript)
</font>
</center>
</td>
</TR>
</TABLE>
</CENTER>
</BODY>
</HTML>



Referring to FIG. 8, a sample representation of first page
360 of ICS configuration and administration 336 is shown.
This is brought up at browser 304 by selecting the Internet
Connection Server for AS/400 link 352 on tasks page 350.
Internet connection secure server 360 includes buttons 362
for selecting configuration and administration, 364 for
selecting a sample home page, 366 for selecting Internet
connection family web site, and 368 for selecting AS/400
tasks.

Referring to Table 5, an HTML representation for page
360 is set forth. This first page 360 is also referred to as the
front page. Tables 5-9 are created by the CGI scripts.



TABLE 5

Front Page (HTML)

## Sample HTML representation of First Page of ICS
## configuration and Administration
<html>
<head>
<title>Internet Connection Secure Server for AS/400 </title>

</head>
<frameset COLS="25,75">
<frame SRC="/QIBM/ICS/HTML/MRI2924/ICSNAV.HTML"
NAME="ICSNavFrame">
<frameset ROWS="78,22">
<frame SRC="/QIBM/ICS/HTML/MRI2924/ICSSLOGO.HTML"
NAME="ICSLogoFrame">
<frame SRC="/QIBM/ICS/HTML/MRI2924/ICSBUTN.HTML"
NAME="ICSButtonsFrame">
</frameset>
</frameset>
<form NAME="icsframe" ACTION="" METHOD="POST">
<center>
</form>
</center>
</body>
</html>



Referring to FIG. 9, a representation of link configuration
and administration page 370 is illustrated. This is a specific
example of a page selected by choosing configuration and
administration button 362 from page 360 (FIG. 5). This page
370 may be used to add a new ICS server instance, or
manage an existing one. To add a new server instance, an
instance name is entered in field 386 and add button 388
activated. To manage an existing server instance, the server
is chosen by activating ADMIN radio button 372 or
DEFAULT radio button 374, and the action then selected
and initiated by activating change button 376, delete button
378, start button 380, stop button 382, or restart button 384.
The Delete, Start, Stop and Restart functions perform that
action and indicate back the results. Selecting change button
376 brings up panel 400 (FIG. 10). The global attribute
values may be changed by selecting field 390.

Referring to Table 6, the HTML code used to generate 
page 370 is set forth. 
TABLE 6

General Configuration and Administration (HTML)

// Sample HTML representation of "Configuration and
// Administration"
<html>
<head>
<title>General Configuration and Administration</title>
</head>
<img src="/QIBM/ICS/HTML/ICONS/skycfg2.gif"
align="middle" alt="">
<strong>Configuration and Administration
</strong>
<p><hr>
<body>
<br>
<h1>General Configuration and Administration</h1>
<hr>Choose an existing server instance and an action to
perform on it.
<br>
<form ACTION="/QSYS.LIB/QTCPCGI.LIB/QTMHFMOU.PGM/instact"
METHOD="POST">
<INPUT TYPE=RADIO NAME="INSTANCE" VALUE="ADMIN"> ADMIN
<BR>
<INPUT TYPE=RADIO NAME="INSTANCE" VALUE="DEFAULT">DEFAULT
<BR>
<input type="submit" name="pushbutton" value="Change">
<input type="submit" name="pushbutton" value="Delete">
<input type="submit" name="pushbutton" value="Start">
<input type="submit" name="pushbutton" value="Stop">
<input type="submit" name="pushbutton" value="Restart">
</form>
<hr>To generate a new server instance, specify an instance
name and select the "Add" button.
<br>
<form ACTION="/QSYS.LIB/QTCPCGI.LIB/QTMHFMOU.PGM/instact"
METHOD="POST">
Instance name <input TYPE="text" NAME="instance" SIZE=10
MAXLENGTH=10> <input type="submit" name="pushbutton"
value="Add">
</form>
<hr>Change the
<a HREF="/QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/glblattr">
Global Attribute Values </a>.
<pre>
<hr>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM"><img
align=middle src="/QIBM/ICS/HTML/ICONS/go2first.gif"
alt="Front Page |"></a> <a
href="/QIBM/ICS/HTML/MRI2924/HLPAS4IM.HTML"><img
align=middle src="/QIBM/ICS/HTML/ICONS/skyhelp.gif"
alt="Help"></a>
</pre>
</body>
</html>



Referring to FIG. 10, a sample representation page 400,
the link "CHANGE", displayed in response to activating
change button 376 in panel 370, is shown. In this example,
on page 370 (FIG. 9), server instance "TEAM42" would
have been previously added through instance name
field 386 and button 388. Returning to page 370, it would
then show up in the list of instances, and would be selected
for change by activating a button similar to default radio
button 374 followed by change button 376 to get to page
400.

Server instance page 400 allows specification of the
associated configuration file 314 used by this server
instance. Radio buttons 406, 408 and 410 are selected to use
an existing configuration 402, to create a new configuration
or associate a different configuration with this instance,
respectively. There are also links 416 and 418 to configuration
and administration forms 460 (FIG. 12), and instance
parameters forms 420 (FIG. 11), respectively.

Referring to Table 7, the HTML for generating panel 400 
responsive to link CHANGE 376 is set forth. 

TABLE 7

Link CHANGE (HTML)

// Sample HTML representation of link "CHANGE"
<html>
<head>
<title>Server Instance "DEFAULT "</title>
</head>
<img src="/QIBM/ICS/HTML/ICONS/skycfg2.gif"
align="middle" alt=""> <strong>Configuration and Administration </strong>
<p><hr>
<body>
<br>
<h1>Server Instance "TEAM42 "</h1>
<hr>
<form ACTION="/QSYS.LIB/QTCPCGI.LIB/QTMHFMOU.PGM/assccfg" METHOD="POST">
<h2>Associated Configuration</h2>
This server instance uses the configuration named
<strong>CONFIG</strong>. To use a different one,
you choose the name of an existing configuration, specify the
name of a new configuration, or do both. Then, choose
the action you want to take.
<p>
<pre>
Existing configuration
<select NAME="assccfg"> <OPTION SELECTED>CONFIG
<OPTION>CONFIG_BK <OPTION>CONFIGSAVE
</select>
New configuration
<input TYPE="text" NAME="newcfg" maxlength=10 SIZE=10>
</pre>
<input TYPE=RADIO NAME="action" VALUE="1" Checked>
Use existing configuration <br>
<input TYPE=RADIO NAME="action" VALUE="2">
Create new configuration <br>
<input TYPE=RADIO NAME="action" VALUE="3">
Create new configuration based on existing one
<pre>
<input type="submit" name="pushbutton" value="Apply">
<input name="pushbutton" type="reset" value="Reset">
</pre>
<hr>
<a HREF="/QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/cfgact=CONFIG ">
<h2>Configuration and Administration Forms</h2>
</a>
Change the configuration named
<strong>CONFIG </strong>.
<hr>
<a HREF="/QSYS.LIB/QTCPCGI.LIB/QTMHFMIN.PGM/instparm=DEFAULT">
<h2>Instance Parameters</h2>
</a>
Specify parameter values to be used by server instance
<strong>DEFAULT </strong>.
<INPUT TYPE=HIDDEN NAME="INSTANCE" VALUE="DEFAULT ">
<pre>
<hr>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM"><img
align=middle src="/QIBM/ICS/HTML/ICONS/go2first.gif"
alt="Front Page |"></a> <a
href="/QIBM/ICS/HTML/MRI2924/HLPAS4CF.HTML"><img
align=middle src="/QIBM/ICS/HTML/ICONS/skyhelp.gif"
alt="Help"></a>
</pre>
</form>
</body>
</html>

Referring to FIG. 11, a sample representation of link
"INSTANCE PARAMETERS", the page 420 returned upon
selecting instance parameters 418 (FIG. 10), is shown. This
page 420 allows specification of particular "instance" values
that can override configuration directives for server 422 for
those inputs 424-446 shown on the page. In this specific
example, such instance values, or parameters, include
autostart 424, number of server jobs minimum 426 and
maximum 428, coded character set identifier 430, server
mapping tables outgoing 432, 434 and incoming 436, 438,
access log file name 440, error log file name 442, non-secure
port 444 and secure port 446. For example, specifying a
non-secure port in field 444 would override any PORT
directive in configuration file 316. These attribute values
reflect the contents of a member in a file that is similar to file
318, except instead of being tied to server 310, this file is tied
to server 311 (it is modified by server 310, used to control
the behavior of server 311). The ADMIN instance is unique
in that it uses two config file members. It first reads the one
from the read-only file 314, then the one from the read-write
file 316.

Referring to Table 8, the HTML code for generating a
panel for an instance of TEAM42, which will be like panel
420 of FIG. 11 (which is for a server instance of DEFAULT)
is set forth. (In order for Table 8 to produce FIG. 11,
"TEAM42" in line 12 would have to be changed to
"DEFAULT".)



TABLE 8

Instance Parameters (HTML)

1 // Sample HTML Representation of link "INSTANCE PARAMETERS"
2 <html>
3 <head>
4 <title>Instance Parameters </title>
5 </head>
6 <img src="/QIBM/ICS/HTML/ICONS/skycfg2.gif" align="middle"
7 alt=""> <strong>Configuration and Administration</strong>
8 <p><hr>
9 <body>
10 <br>
11 <h1>Instance Parameters</h1>
12 Server instance: <STRONG>TEAM42</STRONG>
13 <hr>
14 <form
15 ACTION="/QSYS.LIB/QTCPCGI.LIB/QTMHFMOU.PGM/instparm=DEFAULT"
16 METHOD="POST">
17 Specify parameter values to be used by this server instance.
18 <p>
19 <pre>
20 Autostart
21 <select NAME="auto"> <option> NO <OPTION> YES <OPTION
22 SELECTED> *GLOBAL </SELECT>
23 Number of server jobs:
24 Minimum
25 <input TYPE="text"
26 NAME="min"
27 VALUE="*CFG"
28 maxlength=4
29 SIZE=4>
30 Maximum
31 <input TYPE="text"
32 NAME="max"
33 VALUE="*CFG"
34 maxlength=6
35 SIZE=6>
36 Coded character set identifier
37 <input TYPE="text"
38 NAME="ccsid"
39 VALUE="*GLOBAL"
40 maxlength=7
41 SIZE=7>
42 Server mapping tables:
43 Outgoing EBCDIC/ASCII table
44 <input TYPE="text"
45 NAME="outtbl"
46 VALUE="*GLOBAL"
47 maxlength=10
48 SIZE=10>
49 Library
50 <input TYPE="text"
51 NAME="outlib"
52 VALUE=""
53 maxlength=10
54 SIZE=10>
55 Incoming ASCII/EBCDIC table
56 <input TYPE="text"
57 NAME="intbl"
58 VALUE="*GLOBAL"
59 maxlength=10
60 SIZE=10>
61 Library
62 <input TYPE="text"
63 NAME="inlib"
64 VALUE=""
65 maxlength=10
66 SIZE=10>
67 ACCESS log file name
68 <input TYPE="text"
69 NAME="accfil"
70 VALUE="*CFG"
71 maxlength=512
72 SIZE=50>
73 ERROR log file name
74 <input TYPE="text"
75 NAME="errfil"
76 VALUE="*CFG"
77 maxlength=512
78 SIZE=50>
79 Non-secure port
80 <input TYPE="text"
81 NAME="prt"
82 VALUE="*CFG"
83 maxlength=5 SIZE=5>
84 Secure port
85 <input TYPE="text"
86 NAME="secprt"
87 VALUE="*CFG"
88 maxlength=5
89 SIZE=5>
90 </pre>
91 <pre>
92 <input type="submit" name="pushbutton" value="Apply">
93 <input type="reset" name="pushbutton" value="Reset">
94 <hr>
95 <a href="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM">
96 <img align=middle src="/QIBM/ICS/HTML/ICONS/go2first.gif"
97 alt="Front Page |">
98 </a>
99 <a href="/QIBM/ICS/HTML/MRI2924/HLPAS4IN.HTML">
100 <img align=middle src="/QIBM/ICS/HTML/ICONS/Skyhelp.gif"
101 alt="Help">
102 </a>
103 </pre>
104 </form>
105 </body>
106 </html>



Referring to FIG. 12, a sample representation of link
configuration and administration forms panel 460, such as is
displayed at browser 404 in response to selection of field 416
(FIG. 10) is set forth. This server configuration TEAM42
may be customized by selecting and using one or more of
forms 461. These forms include the following: basic form
462 (see form 500, FIG. 13 for a specific example) for
specifying required settings; user administration forms 463
for managing user ID and passwords, including add user
form 464 for adding a new user ID to a validation list and
group file, delete user form 465 for deleting a user from a
validation file, check user form 466 for determining if a user
exists in a validation list, and change password form 467 for
changing a user password in a validation list; directories and
welcome page 468 for setting viewing options, including
initial page 469 for specifying the welcome pages and
directory lists, directory list contents 470 for specifying list
columns, and readme text 471 for providing informative
directory list text; logging form 472 for customizing the
access log and error log, including global log file configuration
settings form 473 for specifying log formats, access
log file configuration form 474 for specifying access log
location, and error log file configuration form 475 for
specifying error log location; access control form 476 for
setting up access control for the server, including document
protection form 477 for specifying file directories to protect,
protection setups form 478 for specifying file protection
settings, and access control lists 479 for defining user access
files; security form 480 for setting up security for the server,
including security configuration form 481 for defining basic
parameters for security, create keys form 482 for creating
keys and request certificates, receive certificate form 483 for
receiving a certificate into the key ring, and key management
form 484 for working with keys, root keys, and certificates;
resource mapping form 485 for redirecting URLs and defining
file extensions, including request routing form 486 for
routing URL requests to server files, MIME encodings form
487 for defining encodings and extensions, MIME types
form 488 for defining file types and extensions, and languages
form 489 for associating language encodings and
extensions; timeouts form 490 for closing connections automatically;
methods form 491 for setting method acceptance;
accessory scripts form 492 for specifying custom method
scripts; and performance settings form 493 for defining
performance settings, including jobs form 494 for configuring
jobs.

Referring to Table 9, HTML coding for setting up con- 
figuration and administration forms panel 460 is set forth. 
TABLE 9

Configuration and Administration (HTML)

// Sample representation of link "Configuration and
// Administration Forms"
<html>
<head>
<title> Configuration and Administration Forms </title>
</head>
<body>
<img src="/QIBM/ICS/HTML/ICONS/skycfg2.gif" align="middle"
alt="">
<strong>Configuration and Administration </strong>
<p><hr>
<h1>Configuration and Administration Forms </h1>
Configuration: <strong>TEAM42</strong>
<p>
<hr>
You can customize this server configuration by modifying the
forms below:
<p>
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/basic=CONFIG">
Basic
</a> - Specify required settings
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/useradm=CONFIG">
User Administration </a>
- Manage user ID and passwords
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/adduser=CONFIG">
Add User </a>
- Add a new user ID to a validation list and group file
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/deluser=CONFIG">
Delete User </a>
- Delete a user from a validation list
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/chkuser=CONFIG">
Check User</a>
- Determine if a user exists in a validation list
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/chpasswd=CONFIG">
Change Password </a>
- Change a user password in a validation list
</ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/dirappr=CONFIG">
Directories and Welcome Page</a>
- Set viewing options
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/initpage=CONFIG">
Initial Page</a>
- Specify welcome pages and directory lists
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/listcnts=CONFIG">
Directory List Contents</a>
- Specify list columns
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/dirreadm=CONFIG">
Readme Text</a>
- Provide informative directory list text
</ul>
<li><a href="/QSYS.LIB/QTCPCGI.LIB/QTMHLRIN.PGM/logging=CONFIG">
Logging </a>
- Customize access log and error log
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHLRIN.PGM/logfiles=CONFIG">
Global Log File Configuration Settings</a>
- Specify log formats
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHLRIN.PGM/accconf=CONFIG">
Access Log File Configuration </a>
- Specify access log location
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHLRIN.PGM/errconf=CONFIG">
Error Log File Configuration</a>
- Specify error log location
</ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/access=CONFIG">
Access Control</a>
- Set up access control for the server:
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/docautos=CONFIG">
Document Protection </a>
- Specify file directories to protect
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/prtdist=CONFIG">
Protection Setups</a>
- Specify file protection settings
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/acldir=CONFIG">
Access Control Lists</a>
- Define user access files
</ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHSCIN.PGM/security=CONFIG">
Security</a>
- Set up security for the server:
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHSCIN.PGM/secconf=CONFIG">
Security Configuration</a>
- Define basic parameters for security
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHSCIN.PGM/key=CONFIG">
Create Keys</a>
- Create keys and request certificates
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHSCIN.PGM/reccert=CONFIG">
Receive Certificate </a>
- Receive a certificate into the key ring
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHSCIN.PGM/pwprompt=CONFIG">
Key Management</a>
- Work with keys, root keys, and certificates
</ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/resmap=CONFIG">
Resource Mapping </a>
- Redirect URLs and define file extensions
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/mpfrule=CONFIG">
Request Routing</a>
- Route URL requests to server files
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/addencod=CONFIG">
MIME Encodings </a>
- Define encodings and extensions
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/addtype=CONFIG">
MIME Types</a>
- Define file types and extensions
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/addlang=CONFIG">
Languages </a>
- Associate language encodings and extensions
</ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/timeout=CONFIG">
TimeOuts</a>
- Close connections automatically
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/methenab=CONFIG">
Methods</a>
- Set method acceptance
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/accscr=CONFIG">
Accessory Scripts</a>
- Specify custom method scripts
<li>Performance Settings </a> - Define performance settings:
<ul>
<li>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHCFIN.PGM/performa=CONFIG">
Jobs</a>
- Configure jobs
</ul>
</ul>
<hr>
<a href="/QSYS.LIB/QTCPCGI.LIB/QTMHICFP.PGM">
<img src="/QIBM/ICS/HTML/ICONS/go2first.gif"
alt="Front Page | "></a>
<img src="/QIBM/ICS/HTML/ICONS/greycfg.gif"
alt="Configuration and Administration Forms |">
<a href="/QIBM/ICS/HTML/MRI2924/sample.html">
<img src="/QIBM/ICS/HTML/ICONS/skyhome.gif"
alt="Sample Home Page |"></a>
<a href="http://www.ics.raleigh.ibm.com/">
<img src="/QIBM/ICS/HTML/ICONS/skyres.gif"
alt="Resource List |"></a>
<a href="/QIBM/ICS/HTML/MRI2924/rzaglinst.html">
<img src="/QIBM/ICS/HTML/ICONS/skydoc.gif"
alt="Documentation"></a>
</body>
</html>



Referring further to FIGS. 1 and 2, if the auto start
attribute for administration server 310 is set to *NO, this
server 310 starts only upon command, such as the AS/400
STRTCPSVR(*HTTP)(*ADMIN) command. The system
administrator may, however, using the browser, configure
the default autostart attribute for any server instance 310,
311 to yes, and thus may configure ADMIN server instance
310 so that it will autostart.

Referring again to FIG. 3, to add a new instance of an
HTTP server, the user types in an instance name 371 and
selects ADD 388. The user will then be shown a confirmation
page, can then return to page 400, and select 418 to get
the instance parameters page.

Referring further to FIG. 9, the link "Global attribute 
values" 390 shows an additional page similar to that in FIG. 
11 to allow modification of the default HTTP server 311 
attributes 323. These default attributes are those which are 
modified with the CHGHTTPA command, and are shown in 
FIG. 15, global attribute file 532. 

Referring further to FIGS. 10 and 11, a configuration for
a particular instance of an HTTP server is illustrated. In such
a case, the configuration name is mandatory as this is the
configuration used by this instance of the HTTP server.
Different instances may use the same or unique configurations.
If instances share configurations, and need to co-exist,
certain override parameters must be specified. For example,
if a port directive is in the configuration, and two instances
share that configuration, only one of the instances will start
up; the other instance will fail unless there is an override
parameter in the appropriate PORT field.

Once "apply" 448 is chosen, messages indicate the 
outcome, which may be either the instance is not changed 
successfully or the instance is changed. "Reset" 450 resets 
values back to previously defined values, which may include 
blank fields. 

Referring to FIG. 9, if the link "Global Attribute Values" 
390 is selected in panel 370, a page is produced which 
allows setting of the values of 533, 534, 535, 536, 537, and 
538 in FIG. 15. 

Referring further to FIG. 10, the sample page illustrated
is an indication of what is required on a configuration page.
A system administrator can change attributes for this
instance via link 418; designate what configuration file is
used via items 402, 404, 406, 408, 410, 412, and 414; and
specify configuration file values via link 416.

Referring to FIG. 13, a sample page illustrates basic panel
500. This panel 500 is displayed responsive to selection of
link 462 in panel 460, FIG. 12. Instructions 502 may include
a statement displayed on the browser in panel 500, such as
the following:

"Specify the host name of the computer on which the
server is installed, the port number on which the server
listens for requests, and the directory the server uses as
the root of the data hierarchy (server root). Host name
should be a fully qualified name. Default port number
should be the well-known HTTP port number (80), or
a port number above 1024. Port numbers less than 1024
may be reserved by other programs."

Representative data entry fields on page 500 include host
name 504, default port number 506, server root 508. Button
510 is activated to look up the host name of requesting
clients, button 512 to apply, and 514 to reset.

This panel 500 is representative of the many similar
panels which would be displayed by selection in panel 460
of links 463-494.

Referring to FIG. 14, a sample page illustrates the contents
of confirmation panel, which is displayed back to the
user at browser 304 in response to data entered via basic
page 500.

Referring to FIG. 15, secure server instance management 
files and formats are illustrated for enabling management of 
multiple server instances. 

Referring to FIG. 15 in connection with FIG. 2, in
accordance with the preferred embodiment of the invention,
one of the server instances is default server instance 311, and
another is the ADMIN server 310 instance that is used for
the browser interface to the configuration and administration
utilities.

Multiple HTTP server instance management is handled by
using instance file (*PF) 516, configuration file (*SRCPF)
526, and attribute file (*PF) 532.
Each member 515, 517, 519, 521 of instance file 516
represents a single HTTP server instance. Instance name 525
is not actually contained within each member of 516, but
rather is used to determine which member within file 516 is
accessed. Instance file 516 is the same as instance file 318
(FIG. 1), and file 515 is a member within file 516. A particular
member 515 defines an instance. Each instance (member)
515, 517, 519, 521 contains optional attribute overrides 518,
configuration file member name 522, and optional configuration
directive overrides 524. The instance (member) name
525 is used to override the values in attribute file 532 for this
server instance 515. Configuration file member name 522
identifies, as is represented by line 523, the configuration file
member 526 from which server instance 515 reads configuration
directives 530 at server startup. Optional configuration
directives overrides 524 are used to override configuration
directives such as port, sslport, AccessLog and
ErrorLog. Each member in configuration file 526 (only one
member is shown) represents a set of directives 528, 530 that
can be used by server instance 515, 517, 519, 521, at startup
time. In accordance with a preferred embodiment of the
invention, attribute file 532 includes only one member with
fields auto start 533, minjob 534, maxjob 535, ccsid 536, out
ccsid 537 and in ccsid 538. Minjob 534 and maxjob 535
attributes map to MinActiveThreads and MaxActiveThreads
to enable a job structure to be implemented on a thread
model, as is further described in U.S. Pat. No. 6,272,518,
filed 17 Aug., 1998 (supra).
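
The override layering described for FIG. 15, together with the shared-configuration port conflict described for FIGS. 10 and 11, can be modelled as follows. This is an added Python example, not code from the patent. It assumes that *GLOBAL and *CFG mean "inherit from the attribute file" and "inherit from the configuration member", as the default field values in Table 8 suggest; the function names and all sample values are constructed.

```python
"""Added example: resolving startup values for HTTP server instances (FIG. 15 model)."""
import copy
from collections import defaultdict

INHERIT_GLOBAL = "*GLOBAL"  # assumption: take the value from the attribute file
INHERIT_CFG = "*CFG"        # assumption: take the value from the configuration member

# Constructed sample data. The layout mirrors attribute file 532,
# configuration file 526 and instance file 516; the values are invented.
ATTRIBUTE_FILE = {"autostart": "*NO", "minjob": 5, "maxjob": 40, "ccsid": 819}
CONFIG_FILE = {
    "CONFIG": {"port": 80, "sslport": 443,
               "AccessLog": "/logs/access", "ErrorLog": "/logs/error"},
}
INSTANCE_FILE = {
    "DEFAULT": {"config": "CONFIG",
                "overrides": {"autostart": "*GLOBAL", "port": "*CFG", "sslport": "*CFG"}},
    "TEAM42": {"config": "CONFIG",
               "overrides": {"autostart": "*YES", "port": "*CFG", "sslport": "*CFG"}},
    "TEAM43": {"config": "CONFIG",
               "overrides": {"port": 8081, "sslport": 8443}},
}


def effective_values(name, instances=INSTANCE_FILE, configs=CONFIG_FILE,
                     attributes=ATTRIBUTE_FILE):
    """Return the values one server instance would start with."""
    instance = instances[name]
    member_name = instance["config"]
    if member_name not in configs:
        # The configuration name is mandatory for every instance.
        raise ValueError(f"{name}: configuration member {member_name!r} not found")
    member = configs[member_name]
    # Start from the global attributes and the configuration directives,
    # then apply the per-instance overrides on top.
    resolved = {**attributes, **member}
    for key, value in instance.get("overrides", {}).items():
        if value == INHERIT_GLOBAL:
            resolved[key] = attributes.get(key)
        elif value == INHERIT_CFG:
            resolved[key] = member.get(key)
        else:
            resolved[key] = value
    return resolved


def port_conflicts(instances=INSTANCE_FILE, configs=CONFIG_FILE,
                   attributes=ATTRIBUTE_FILE):
    """Map each port claimed by more than one listener to its claimants."""
    listeners = defaultdict(list)
    for name in instances:
        values = effective_values(name, instances, configs, attributes)
        for directive in ("port", "sslport"):
            port = values.get(directive)
            if port is not None:
                listeners[int(port)].append((name, directive))
    return {port: users for port, users in sorted(listeners.items())
            if len(users) > 1}


def with_override(instances, name, **values):
    """Return a copy of the instance file with extra overrides for one instance."""
    updated = copy.deepcopy(instances)
    updated[name].setdefault("overrides", {}).update(values)
    return updated


if __name__ == "__main__":
    for port, users in port_conflicts().items():
        print(f"port {port} is claimed by {users}")
    fixed = with_override(INSTANCE_FILE, "TEAM42", port=8042, sslport=8442)
    print("after override:", port_conflicts(fixed) or "no conflicts")
```

Running the conflict check before starting instances surfaces the case where DEFAULT and TEAM42 both inherit the port directives of the shared configuration member, which is the situation in which only one of them would start.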

Referring to FIGS. 16 and 17, the STRTCPSVR 540 and
ENDTCPSVR 550 commands are adapted to support multiple
server instances. Use of STRTCPSVR command 540
is an alternative to use of the browser based ADMIN server
to create startup values in the instance file.

Referring to FIG. 16, the format of start TCP server
command 540 is illustrated, which includes STRTCPSVR
field 542, SERVER( ) field 544, RESTART field 546 and
HTTPSVR( ) field 548. The start TCP/IP server command
540 is used to start the TCP/IP application servers. The
syntax of STRTCPSVR statement 540 is as follows:

STRTCPSVR field 542: STRTCPSVR 

SERVER( ) field 544: SERVER( | *ALL | | *SNMP | *ROUTED | *TELNET | 
*FTP | *SMTP | *LPD | *WSG | *POP | *HTTP | . . . | ) 

RESTART field 546: RESTART( | *NONE | *HTTP | ) 

HTTPSVR( ) field 548: HTTPSVR( | *ALL | | server-instance-name 
| *ADMIN | | *NONE | instance-startup-values | ) 

SERVER specifies the TCP/IP application servers to be 
started by this command. 
*ALL specifies that all of the TCP/IP application servers and 
all HTTP instances are started. 
*SNMP specifies that simple network management protocol 
(SNMP) agent jobs are started. 
*ROUTED specifies that the RouteD server is started. 
*TELNET specifies that the TELNET server is started. More 
than one TELNET server job may be running. 
*FTP specifies that file transfer protocol (FTP) servers are 
started based on the number of servers configured with a 
change FTP attributes (CHGFTPA) command. More than 
one FTP server job may be running. 
*SMTP specifies that the simple mail transfer protocol 
(SMTP) client and server jobs are started. 
*LPD specifies that line printer daemon (LPD) servers are 
started based on the number of servers configured with the 
change LPD attributes (CHGLPDA) command. More 
than one LPD server may be running. 
*WSG specifies the 5250/Hypertext markup language 
(HTML) workstation gateway (WSG) server is started. 
*POP specifies the post office protocol (POP) version 3 
servers are started based on the number of servers con- 
figured with the change POP attributes (CHGPOPA) 
command. 
*HTTP specifies the world wide web hypertext transfer 
protocol (HTTP) servers are started based on the number 
of servers specified in the change HTTP attributes 
(CHGHTTPA) command. 

RESTART specifies whether to restart the selected server 
when the STRTCPSVR command 540 is run. The 
SERVER parameter 544 must be *ALL or *HTTP or this 
parameter is ignored. *NONE specifies that no server is to 
be restarted. *HTTP specifies that the HTTP server is to 
be restarted if already running, thus forcing the HTTP 
server to read in the HTTP configuration and use any 
configuration values or attributes that have changed since 
it was last started. 

HTTPSVR( ) specifies the HTTP server instance to be 
started as well as any additional startup values to be used 
by the HTTP server to control the server instance. 
*ALL specifies that all server instances for the HTTP server 
will be started. 
server-instance-name specifies the server instance will be 
started. 
*ADMIN specifies that the administration HTTP server will 
be started. This administration server is an instance of the 
HTTP server that allows administration of system func- 
tions using a web browser. 
instance-startup-values specifies additional startup values to 
be used for this server instance. The user is required to have 
*IOSYSCFG special authority to specify overrides. These 
values are used to override previously defined server startup 
values for the specified server instance, and are as follows: 
-netcp[nnn] overrides the DefaultNetCp directive. 
-fscp[nnn] overrides default DefaultFsCP directive. 
-p[nnn] overrides port directive. 
-sslport[nnnn] overrides SSLPort directive. 
-r[configuration file] overrides configuration file for this 
instance of the server. 
-l[log-file-name] same as "AccessLog log-file-name". 
-newlog[log-file-name] same as "AccessLog log-file-name 
and Logformat Common". 
-ddslog[log-file-name] same as "AccessLog log-file-name 
and Logformat DDS". 
-errlog[log-file-name] same as "ErrorLog log-file-name". 
-minat[nn] overrides the MinActiveThreads directive. 
-maxat[nn] overrides the MaxActiveThreads directive. 

instance-startup-values specified on the STRTCPSVR 
*HTTP command take precedence or can augment configu- 
ration data in instance files. Instance files take precedence 
over or can augment data in configuration files. 
Examples: 

STRTCPSVR SERVER(*ALL): starts all of the TCP/IP 
application servers that have been configured. If the change 
FTP attributes (CHGFTPA) command was previously used 
to configure two FTP servers, both servers are started when 
STRTCPSVR is issued. Where appropriate, the number of 
servers to start is based on the number of servers configured 
for the server being started. The configuration option to 
automatically start the servers (AUTOSTART) is ignored by 
the STRTCPSVR command 540. The AUTOSTART param- 
eter is only used by the STRTCP command. 

STRTCPSVR SERVER(*TELNET): starts the TCP/IP 
TELNET application server. If the TELNET server was 
previously started, one additional TELNET server job is 
started. 

STRTCPSVR SERVER(*HTTP) RESTART(*HTTP): 
restarts the TCP/IP HTTP application server for all instances 
of the HTTP server. If the HTTP server was not currently 
running, then all defined instances of the HTTP server are 
started. 

STRTCPSVR SERVER(*HTTP) HTTPSVR(http1): 
starts the TCP/IP HTTP application server instance named 
'http1' using the startup values previously defined for this 
server instance. 

STRTCPSVR SERVER(*HTTP) HTTPSVR(HTTP1 '-p 81 
-sslport 443'): starts the TCP/IP HTTP application server 
instance named 'http1', and specifies that the server instance 
should listen on port 81 for unsecure requests and on port 
443 for secure requests. The ports defined here override any 
previously defined ports used by this server instance. 
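
The override chain described above (command startup values over instance file over configuration file, with *IOSYSCFG required for command overrides), as an added example that is not code from the patent or from IBM. The `ConfigFile` key, the sample members, the space-separated flag syntax taken from the last example, and the numeric and port-range checks are assumptions.

```python
import shlex

# Startup flag -> directive(s) it sets, from the instance-startup-values list.
# "ConfigFile" is a made-up key standing in for the -r configuration file override.
FLAGS = {
    "-netcp":   lambda v: {"DefaultNetCp": v},
    "-fscp":    lambda v: {"DefaultFsCP": v},
    "-p":       lambda v: {"port": v},
    "-sslport": lambda v: {"sslport": v},
    "-r":       lambda v: {"ConfigFile": v},
    "-l":       lambda v: {"AccessLog": v},
    "-newlog":  lambda v: {"AccessLog": v, "Logformat": "Common"},
    "-ddslog":  lambda v: {"AccessLog": v, "Logformat": "DDS"},
    "-errlog":  lambda v: {"ErrorLog": v},
    "-minat":   lambda v: {"MinActiveThreads": v},
    "-maxat":   lambda v: {"MaxActiveThreads": v},
}
NUMERIC = {"port", "sslport", "MinActiveThreads", "MaxActiveThreads"}
PORTS = {"port", "sslport"}

# Constructed sample members (not taken from the patent).
CONFIG_MEMBER = {"port": "80", "sslport": "443",
                 "AccessLog": "acclog", "ErrorLog": "errlog"}
INSTANCE_HTTP1 = {"port": "8080", "AccessLog": "http1acc"}


def parse_startup_values(text):
    """Turn "-p 81 -sslport 443" into {"port": "81", "sslport": "443"}."""
    tokens = shlex.split(text)
    overrides = {}
    for i in range(0, len(tokens), 2):
        flag = tokens[i]
        if flag not in FLAGS:
            raise ValueError(f"unknown startup flag: {flag!r}")
        if i + 1 >= len(tokens) or tokens[i + 1] in FLAGS:
            raise ValueError(f"flag {flag} needs a value")
        for name, value in FLAGS[flag](tokens[i + 1]).items():
            if name in NUMERIC and not value.isdigit():
                raise ValueError(f"{name} must be numeric, got {value!r}")
            if name in PORTS and not 1 <= int(value) <= 65535:
                raise ValueError(f"{name} out of range: {value}")
            overrides[name] = value
    return overrides


def effective_directives(config_member, instance_member, startup_text, authorities):
    """Layer the sources so that later layers win, and record which layer
    supplied each directive so an administrator can audit the result."""
    overrides = parse_startup_values(startup_text)
    if overrides and "*IOSYSCFG" not in authorities:
        raise PermissionError("*IOSYSCFG special authority is required to specify overrides")
    merged, source = {}, {}
    layers = (("config", config_member),
              ("instance", instance_member),
              ("command", overrides))
    for layer, values in layers:
        for name, value in values.items():
            merged[name] = value
            source[name] = layer
    return merged, source


if __name__ == "__main__":
    directives, source = effective_directives(
        CONFIG_MEMBER, INSTANCE_HTTP1, "-p 81 -sslport 443", {"*IOSYSCFG"})
    for name in sorted(directives):
        print(f"{name:10} {directives[name]:10} from {source[name]}")
```

The `source` map shows at a glance which listening ports and log files came from a one-off command override rather than from the stored instance or configuration member.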

Referring to FIG. 17, the format of end TCP server 
command 550 is illustrated, which includes ENDTCPSVR 
field 552, SERVER( ) field 554 and HTTPSVR( ) field 556. 
ENDTCPSVR command 550 is used to end the TCP/IP 
application server jobs that are specified in the SERVER 
parameter 554. If the jobs have any current active 
connections, these connections are ended immediately. The 
syntax of the ENDTCPSVR command 550 is as follows: 



ENDTCPSVR field 552: ENDTCPSVR 

SERVER( ) field 554: SERVER( | *SNMP | *ROUTED | *TELNET | 
*FTP | *SMTP | *LPD | *HTTP | *WSG | 
*POP | ... | *ALL | ) 

HTTPSVR( ) field 556: HTTPSVR( | *ALL | server-instance-name 
| *ADMIN | ) 

where: 

server-instance-name specifies the HTTP server instance to 
be ended. 
Examples: 

ENDTCPSVR SERVER(*ALL) ends all active TCP/IP 
application server jobs. 

ENDTCPSVR SERVER(*HTTP) HTTPSVR(http1) ends 
the TCP/IP HTTP application server instance named 'http1'. 

In a typical startup scenario: 

(1) a user initializes operation by installing several files, 
including default configurations for both the ADMIN 
HTTP server 310 and default servers 311, and issues a 
start TCP (STRTCP) which causes the TCP/IP stack to 
start, and any TCP application that has 
AUTOSTART=*YES starts. 

(2) However, because the default attribute file 323 has 
AUTOSTART=*NO for HTTP servers, and there is, in the 
preferred embodiment, no override for the ADMIN 
instance (attribute file 318), the user must run an explicit 
command to start the ADMIN server 310. (That command 
is STRTCPSVR 540, infra.) This is true only initially, 
before the ADMIN server 310 is started for the first time. 
The user can change the autostart attribute in the ADMIN 
server's instance file via browser-based config. If the 
admin server is not running, the only way to start is with 
STRTCPSVR, because it is the admin server that provides 
the browser-based config function. Other instances can 
then be started thru the browser (which actually does 
STRTCPSVR under the covers). 

(3) In response to the STRTCP command, because server 
310 has basic authentication enabled, the user is required 
to enter a valid user ID and password in order to further 
configure the server. 

(4) Once authorized, the user issues STRTCPSVR 540 or 
STRTCPSVR(*HTTP), or points the browser to the 
ADMIN server and selects "default server" and "start". 
An HTTP server with a standard default configuration that 
serves only a "welcome.html" document is started on the 
standard HTTP port 80 for this host. 

(5) The user then configures the server (either by the browser 
and selecting "which server" and "configure" or 
WRKHTTPCFG(*configuration)). Using either method, 
the user is able to (by configuration name): select a 
configuration file, and then change that particular con- 
figuration file. 

Referring to FIG. 18, in accordance with the Internet 
connection secure server embodiment of the invention, a 
server can listen on both a secure port 204 using secure 
sockets layer (SSL) and a non-secure port 202 using sockets 
for requests coming from HTTP clients on network 200. 
When a listening thread 206 detects a request coming into 
port 202 or 204 from network 200, it passes the socket 
descriptor for the request off to a worker thread 212 or 214 
that is waiting in a thread pool 210 of initialized threads. 
Worker thread 212 or 214 processes the request and com- 
pletes the transaction by sending a response back to the 
HTTP client on network 200. Service threads 220 run in the 
background to handle server utility functions including 
alarm 222 and log writer 224. 

Referring to FIG. 19 in connection with FIG. 18, as part 
of initialization, main thread 240 processes configuration file 
244 directives. The MinActiveThreads and MaxActiveTh- 
reads directives are used to set the boundaries of the pool 
206, 210, 220 of available threads that can be used by the 
server 190. Main program thread 240 initializes thread pool 
210 and then uses a thread 202 from pool 210 to bind( ) 260 
and listens 262 on an IP address port 202. When server 190 
is started with directives normalmode on and sslmode on 
there will be one thread 206, 262 listening on port 80 (the 
HTTP default port 202) and one thread 206, 272 listening on 
port 443 (the HTTPS default port 204). Hereafter, these 
threads may be referred to as listening threads, or parent 
threads. HTTP and HTTPS default ports 202, 204 can be 
overridden with the directives port (for HTTP) and sslport 
(for HTTPS). These threads 206 will listen on all IP 
addresses defined for this host unless the BindSpecific 
directive is in configuration file 244 and it contains a valid 
IP address for this host. Then threads 206 only listen on the 
ports for that IP address. 

When a request comes in on either or both ports 202, 204, 
the listening thread 262, 272 does an accept 264, 274 and 
passes the incoming request off to a work thread 266, 276 
that comes from thread pool 210. Listening thread 262, 272 
then goes back to accept( ) mode 264, 274. The work thread 
266, 276 processes the incoming request and sends a 
response to the client. When work thread 266, 276 completes 
its tasks it returns to pool 210 of available threads. 

Two service threads 220, including log writer thread 224 
and alarm thread 222, are spun off at server 190 initialization 
and wait in the background until their services are needed. 
Log writer routine 224 is spun off in its own thread when 
server 190 starts. It spends most of its time sleeping, but 
wakes up periodically to write out to log files 226 anything 
that needs to be logged. It handles writing to the access and 
error logs. 

At initialization, startup job 240, 250 opens the log files 
226 that are specified in configuration directives 244 (or 
overrides) and then passes the file descriptors to the log 
writer thread 224. As is represented by lines 234 and 236, 
server listening threads 206 and worker threads 210 add log 
data to log queue 228 for log writer thread 224 to log. When 
log writer thread 224 wakes up it checks queue 228 for data 
to be logged. When there is data to be logged, log writer 
thread 224 locks the queue with a mutually exclusive 
(mutex) lock on line 218 and, as is represented by line 238, 
copies the log data from queue 228 into list 216, zeros out 
queue 228, and then releases mutex 218. Log writer thread 
224 can then log the data from list 216 without having other 
threads 206, 210 blocked from writing to queue 228. 
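
The queue hand-off described above, as an added example that is not code from the patent: request threads append under the mutex, and the log writer swaps the queue for an empty one under the same mutex and then writes with the mutex released. The class names, the `sink` callable and the polling interval are assumptions.

```python
import threading


class LogQueue:
    """Shared log queue 228: request threads append, the log writer drains."""

    def __init__(self, sink):
        self._mutex = threading.Lock()   # mutex 218 in the text
        self._queue = []                 # queue 228
        self._sink = sink                # callable that writes one record (assumed)

    def add(self, record):
        """Called by listening and worker threads; holds the mutex only to append."""
        with self._mutex:
            self._queue.append(record)

    def drain(self):
        """One wake-up of the log writer. Returns the number of records written."""
        with self._mutex:
            # Copy to the private list 216 and zero out the queue in one step.
            batch, self._queue = self._queue, []
        for record in batch:
            # Slow file I/O runs with the mutex free, so add() never waits on it.
            self._sink(record)
        return len(batch)


class LogWriter(threading.Thread):
    """Log writer thread 224: sleeps, wakes periodically, drains the queue."""

    def __init__(self, log_queue, interval=0.05):
        super().__init__(daemon=True)
        self._log_queue = log_queue
        self._interval = interval
        self._stop_event = threading.Event()

    def run(self):
        while not self._stop_event.wait(self._interval):
            self._log_queue.drain()
        # Final pass so records queued just before shutdown are not lost.
        self._log_queue.drain()

    def stop(self):
        self._stop_event.set()
        self.join()


def run_demo(workers=4, per_worker=250):
    """Constructed load: several request threads log while the writer drains."""
    written = []
    log_queue = LogQueue(written.append)
    writer = LogWriter(log_queue, interval=0.001)
    writer.start()

    def work(worker_id):
        for i in range(per_worker):
            log_queue.add((worker_id, i))

    threads = [threading.Thread(target=work, args=(n,)) for n in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    writer.stop()
    return written


if __name__ == "__main__":
    print(len(run_demo()), "records written")
```

Because a single thread does all the writing, each worker's records reach the log in the order that worker queued them, and no record is dropped at shutdown.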

Alarm thread 222 is spun off (spawned) in its own thread 
when server 190 starts. It spends most of its time sleeping. 
It wakes up periodically and checks a list of timers 232 that 
are associated with active work threads 210, such as 266, 
268, 276, 278. When a timer 232 expires it indicates that a 
work thread 210 had a problem completing its task on time. 
When alarm thread 222 finds an expired timer the timer is 
removed from the list of timers 232, the outstanding function 
being processed is terminated, and the socket 202, 204 being 
used by the request is closed. 
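
The alarm thread's timer sweep, as an added example that is not code from the patent: each active worker arms a timer, and a periodic sweep removes expired timers, signals the worker and closes the request's socket, which bounds how long a stalled client can hold a worker. The class and method names and the timeout values are assumptions; Python cannot kill a thread, so termination is modelled by an event plus the socket shutdown.

```python
import socket
import threading
import time


class AlarmList:
    """List of timers 232: one entry per active work thread."""

    def __init__(self):
        self._lock = threading.Lock()
        self._timers = {}   # worker id -> (deadline, socket, cancel event)

    def arm(self, worker_id, sock, timeout, now=None):
        """A worker calls this when it picks up a request."""
        now = time.monotonic() if now is None else now
        cancelled = threading.Event()
        with self._lock:
            self._timers[worker_id] = (now + timeout, sock, cancelled)
        return cancelled

    def disarm(self, worker_id):
        """A worker calls this when done; False means the alarm fired first."""
        with self._lock:
            return self._timers.pop(worker_id, None) is not None

    def sweep(self, now=None):
        """One wake-up of the alarm thread. Returns the expired worker ids."""
        now = time.monotonic() if now is None else now
        with self._lock:
            expired = [(w, t) for w, t in self._timers.items() if t[0] <= now]
            for worker_id, _ in expired:
                del self._timers[worker_id]      # timer removed from the list
        for _, (_, sock, cancelled) in expired:
            cancelled.set()                      # worker must abandon the request
            try:
                sock.shutdown(socket.SHUT_RDWR)  # wakes a worker blocked in recv()
            except OSError:
                pass                             # peer already gone
            sock.close()                         # the request's socket is closed
        return sorted(w for w, _ in expired)

    def active(self):
        with self._lock:
            return sorted(self._timers)


def slow_client_demo():
    """Constructed scenario: a client connects and never sends its request."""
    alarms = AlarmList()
    client, server_side = socket.socketpair()
    result = {}

    def worker():
        cancelled = alarms.arm("worker-266", server_side, timeout=0.05)
        try:
            server_side.recv(1024)               # blocks: the client stays silent
        except OSError:
            pass                                 # socket was closed under us
        result["outcome"] = "terminated" if cancelled.is_set() else "served"
        result["on_time"] = alarms.disarm("worker-266")

    t = threading.Thread(target=worker)
    t.start()
    expired = []
    while not expired:
        time.sleep(0.01)                         # alarm thread sleeps, then checks
        expired = alarms.sweep()
    t.join(timeout=2)
    client.close()
    return expired, result


if __name__ == "__main__":
    print(slow_client_demo())
```

The worker returns to the pool as soon as the sweep fires instead of waiting indefinitely on the silent client.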

Referring to FIG. 20, in accordance with a specific 
embodiment of the invention, various AS/400 jobs are 
started to support an HTTP server 190. A main job 160 is 
created that will then create additional jobs SSL 180, alarm 
182, log 184, and worker 178. Upon properly configuring 
SSL, a spawn( ) 162 is issued to create job SSL 180 that will 
then listen 272 on port 204 for https requests. This job SSL 
180 becomes a listening, or parent job to, for example, 
worker jobs 186. In addition, a number of worker jobs 186 
are created (spawn 168) that are kept in a pool and at a later 
time are dispensed as appropriate with units of work (either 
requests for documents or to execute CGI programs). 
Finally, spawn log 166 creates log job 184 and spawn alarm 
164 creates alarm job 182. USRSPC 150 is used to share 
global data across these jobs. USRSPC 150 is a system 
domain object that is uniquely named per server or worker 
job instance with the instance name and is located in the 
QHTTP library. 

Advantages over the Prior Art 

The advantages of the method of the preferred embodi- 
ment of this invention include the provision of an improved 
administration server which serves administration and con- 
figuration applications to a browser's graphical user inter- 
face. 

It is a further advantage of the invention that there is 
provided an administration server which serves to a browser 
capability for administering and configuring web enabled 
system components. 

It is a further advantage of the invention that there is 
provided an improved administration server which is iso- 
lated from other servers at the site. 

It is a further advantage of the invention that there is 
provided an improved administration server which is iso- 
lated from other servers at the site such that loading of either 
does not adversely impact the other. 

It is a further advantage of the invention that there is 
provided an improved administration server which enables 
the management of multiple copies or instances of servers. 
It is a further advantage of the invention that there is 
provided an administration server implemented as a 
browser. 

Alternative Embodiments 

It will be appreciated that, although specific embodiments 
of the invention have been described herein for purposes of 
illustration, various modifications may be made without 
departing from the spirit and scope of the invention. In 
particular, it is within the scope of the invention to provide 
a memory device, such as a transmission medium, magnetic 
or optical tape or disc, or the like, for storing signals for 
controlling the operation of a computer according to the 
method of the invention and/or to structure its components 
in accordance with the system of the invention. 

Accordingly, the scope of protection of this invention is 
limited only by the following claims and their equivalents. 

We claim: 

1. Method for serving administration and configuration 
pages to a web browser, comprising the steps of: 

providing a plurality of instances of servers on a single 
host system; and 

one of said servers being an administration server includ- 
ing a hardened configuration file which is not alterable 
by way of configuration or administration forms by 
storing administration and configuration directives in a 
plurality of files including a read-write configuration 
file member and serving to said web browser contents of 
said read-only configuration file member before serv- 
ing contents of said read-write configuration file. 

2. A server system, comprising: 
a first server instance; 

a second server instance; 

said first server instance and said second server instance 
being resident on a single host system; said first server 
instance including a first configuration file; and 
said second server instance being an administration server 
including a second configuration file, said second con- 
figuration file being a hardened file not alterable by way 
of configuration or administration forms by storing 
administration and configuration directives in a plurality 
of files including a read-write configuration file member 
and a read-only configuration file member and serving to 
said web browser contents of said read-only configuration 
file member before serving contents of said read-write 
configuration file. 

3. A server system, comprising: 
an administration server instance; 

a global attributes file having one member used by all server 
instances on a single host server system; 

one or more configuration files, with each server on said 
single host server system using a particular configuration 
file member; one or more instance files, with a unique 
instance file member for each server instance on said 
single host server system; 

contents of said instance file overriding the contents of said 
configuration file, and contents of said configuration file 
overriding contents of said global attributes file; and 
a configuration file for said administration server instance on 
said single host server system being a hardened file not 
alterable by way of configuration or administration forms 
by storing administration and configuration directives in a 
plurality of files including a read-write configuration file 
member and a read-only configuration file member and 
serving contents of said read-only configuration file mem- 
ber before serving contents of said read-write configura- 
tion file. 

4. The server system of claim 3, further comprising: 
a browser; 
said administration server being operable to serve pages 
to said browser for configuring and managing browser 
configurable products; 
said configuration file for said administration server 
instance restricting usage of said administration server 
instance to authorized individuals; and 
said read-only configuration file member being hardened 
against alteration by any of said pages. 

5. The server system of claim 4, said read-only configu- 
ration file member comprising protect, map, pass, and exec 
directives which cannot be overridden by directives in said 
read-write configuration file member. 

6. The server system of claim 5, the instance file for said 
administration file member comprising selected directives, 
including an autostart directive, which may override direc- 
tives in said read-only configuration file. 

7. The server system of claim 6, said instance file further 
including number of server jobs, coded character set 
identifier, server mapping tables, access log file name, error 
log file name, non-secure port, and secure port directives 
which may override corresponding directives in said read- 
only configuration file member. 

8. The server system of claim 7, said global attributes file 
comprising autostart, minjob, maxjob, ccsid, out ccsid, and 
in ccsid directives. 

9. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
a machine to perform method steps for serving administra- 
tion and configuration pages to a web browser, said method 
steps comprising: 
providing a plurality of instances of servers on a single 
host system; and 
one of said servers being an administration server including 
a configuration file which is not alterable by way of 
configuration file which is not alterable by way of con- 
figuration or administration forms by storing administra- 
tion and configuration directives in a plurality of files 
including a read-write configuration file member and a 
read-only configuration file member and serving to said 
web browser contents of said read-only configuration file 
member before serving contents of said read-write con- 
figuration file. 

10. An article of manufacture comprising: 
a computer usable medium having computer readable pro- 
gram code means embodied therein for serving adminis- 
tration and configuration pages to a web browser, the 
computer readable program means in said article of 
manufacture comprising: 
computer readable program code means for causing a com- 
puter to effect providing a plurality of instances of servers 
on a single host system, one of said servers being an 
administration server; and 
computer readable program code for causing a computer to 
effect providing for said administration server a configu- 
ration file which is not alterable by way of configuration 
or administration forms by storing administration and 
configuration directives in a plurality of files including a 
read-write configuration file member and a read-only 
configuration file member and serving to said web browser 
contents of said read-only configuration file member before 
serving contents of said read-write configuration file. 

11. Method for serving administration and configuration 
pages to a web browser, comprising the steps of: 
storing administration and configuration directives in a 
plurality of files, said files including a global attributes 
file, a read-write configuration file member, a read-only 
configuration file member, and an instance file; 
serving to said web browser the contents of said read-only 
configuration file member before serving the contents 
of said read-write configuration file member; and 
using a first encountered directive for controlling a 
selected web activity; 
whereby a directive for a particular web activity stored in 
said read-write configuration file member cannot over- 
ride a corresponding directive stored in said read-only 
configuration file member. 

12. A server system, comprising: 
an administration server instance; 
a global attributes file having one member used by all server 
instances on said server system; 
one or more configuration files, with each server on said 
server system using a particular configuration file mem- 
ber; 
one or more instance files, with unique instance file member 
for each server instance on said server system; 
the contents of said instance file overriding the contents of 
said configuration file, and the contents of said configu- 
ration file overriding the contents of said global attributes 
file; 
the configuration file for said administration server instance 
including a read-only member and a read-write member; 
a browser; 
said administration server being operable to serve pages to 
said browser for configuring and managing browser con- 
figurable products; 
said configuration file for said administration server instance 
restricting usage of said administration server instance to 
authorized individuals; 
said read-only configuration file member being hardened 
against alteration by any of said pages; and 
said read-only configuration file member comprising 
protect, map, pass, and exec directives which cannot be 
overridden by directives in said read-write configuration 
file member. 

13. The server system of claim 12, the instance file for 
said administration file member comprising selected 
directives, including an autostart directive, which may over- 
ride directives in said read-only configuration file. 

14. The server system of claim 13, said instance file 
further including number of server jobs, coded character set 
identifier, server mapping tables, access log file name, error 
log file name, non-secure port, and secure port directives 
which may override corresponding directives in said read- 
only configuration file member. 

15. The server system of claim 14, said global attributes 
file comprising autostart, minjob, maxjob, ccsid, out ccsid, 
and in ccsid directives. 

* * * * * 
CERTIFICATE OF CORRECTION 



PATENT NO. : 6,493,749 B2 Page 1 of 1 

DATED : December 10, 2002 

INVENTOR(S) : Frank V. Paxhia et al. 



It is certified that error appears in the above- identified patent and that said Letters Patent is 
hereby corrected as shown below: 



Column 42, 

Line 28, "file member and serving to said web brower" should be -- file member 
and a read-only configuration file member and serving to said web browser -- 
Line 57, "said confifuration file" should be -- said configuration file -- 

Column 43, 

Line 38, after "configuration" delete "file which is not alterable by way of 
configuration" 

Line 43, "condiguration file" should be -- configuration file -- 
Line 53, "toeffect" should be -- to effect -- 

Column 44, 

Line 1, "configuratio file" should be -- configuration file -- 
Line 2, "member befor" should be -- member before -- 



Signed and Sealed this 
Twenty-seventh Day of May, 2003 




JAMES E. ROGAN 
Director of the United States Patent and Trademark Office 